Review of Web Applications Security and Intrusion Detection in Air Traffic Control Systems
On May 4, 2009, we issued our report on Federal Aviation Administration (FAA) web applications security and intrusion detection in air traffic control (ATC) systems, requested by the Ranking Minority Members of the full House Transportation and Infrastructure Committee and its Aviation Subcommittee. We found that web applications used in supporting ATC systems operations were not properly secured to prevent attacks or unauthorized access. During the audit, our staff gained unauthorized access to information stored on web application computers and an ATC system, and confirmed system vulnerability to malicious code attacks. In addition, we found that FAA had not established adequate intrusion–detection capability to monitor and detect potential cyber security incidents at ATC facilities. Intrusion–detection systems have been deployed to only 11 (out of hundreds of) ATC facilities. Also, cyber incidents detected were not remediated in a timely manner.
American Recovery and Reinvestment Act of 2009: Oversight Challenges Facing the Department of Transportation
On March 31, we issued our report on oversight challenges facing the Department of Transportation with the implementation of the American Recovery and Reinvestment Act (ARRA) of 2009. The objective of this audit was to highlight key DOT oversight challenges–based on prior OIG reports and other agencies’ relevant audit work–and identify actions DOT should take now in support of ARRA requirements. Our report condensed the challenges into the following 10 focus areas where DOT must exhibit sustained and effective actions related to providing oversight to grantees receiving ARRA funding; implementing new requirements and programs mandated by ARRA; and preventing fraud, waste, and abuse: (1) acquire sufficient personnel with relevant expertise to oversee grantees; (2) adhere to existing Federal requirements for programs funded under ARRA; (3) evaluate the credibility and completeness of cost and schedule estimates; (4) oversee grantees’ contracting management activities and ensure selection of appropriate contract types; (5) address internal control weaknesses and identify unused funds for use on other eligible projects; (6) implement new ARRA tracking and reporting requirements that are designed to promote accountability and transparency; (7) develop comprehensive plans and sound criteria for the new discretionary grant and passenger rail programs created by ARRA; (8) develop appropriate oversight strategies for the new programs created by ARRA by drawing lessons from DOT’s Operating Administrations; (9) enhance understanding among DOT staff, grantees, and their contractors on how to recognize, prevent, and report potential fraud; and (10) take timely and effective action to suspend and/or debar individuals or firms that have defrauded the Department so they do not receive Federal contracts in the future.
|
