OIG Audit Finds Deficiencies in DOT IT Systems' Resilience
The DOT agencies have not all effectively tested their plans to ensure they will work in the event of a disruption, the audit found, with OIG reporting that the Federal Aviation Administration did not conduct annual contingency plan testing for certain high-impact systems as required.
A new audit by the U.S. Department of Transportation's Inspector General's office examined the disaster recovery plans for DOT agencies' information systems. With more than 450 information systems currently used by the department, including systems for air traffic control and communication, effective disaster recovery planning is critical to maintain the systems for these agencies during an unexpected event, according to the OIG, which found that the disaster recovery plans for the Federal Highway Administration, Federal Railroad Administration, Federal Motor Carrier Safety Administration, and Pipeline and Hazardous Materials Safety Administration were not in compliance with DOT policy.
In addition, the DOT agencies have not all effectively tested their plans to ensure they will work in the event of a disruption, the audit found, with OIG reporting that the Federal Aviation Administration did not conduct annual contingency plan testing for certain high-impact systems as required and FAA, FMCSA, PHMSA, and FRA did not conduct required functional disaster recovery testing.
The auditors made nine recommendations to improve the effectiveness of IT systems' contingency planning and testing. The department concurred with all nine of the recommendations, and the Inspector General's office reported that it considers all of them resolved but open pending completion of planned actions.
The audit found that the systems could be vulnerable to disruptions such as power outages, hardware disk drive failure, equipment destruction, or fire.
The catalyst for the audit was an FAA contract employee who deliberately set fire to critical equipment at FAA's Chicago Air Route Traffic Control Center in September 2014, which was the second time since May 2014 that a fire at a Chicago area air traffic control facility resulted in delays and cancellations of
hundreds of flights in and out of O'Hare and Midway international airports.