An official in the Transportation Department’s Office of Inspector General says DOT websites launched to provide the public with information about Recovery Act funding and projects are vulnerable to cyber attacks.
DOT officials launched an audit from December 2009 to July 2010 to examine if DOT’s recovery websites, which track and disseminate the $48 billion in funds awarded for DOT’s projects, were properly configured to minimize the risk of a cyber attack.
The report concludes DOT’s websites face both high- and low-risk cyber threats.
The vulnerabilities exist “because the websites, servers, and database systems are not configured in compliance with DOT’s configuration security standards,” the report finds. “As a result, the systems are vulnerable to cyber attacks, which could not only undermine DOT’s [Recovery Act] reporting, but also interrupt DOT’s business operations.”
Most of the high-risk vulnerabilities are associated with eight of DOT’s 13 sites.
“These vulnerable websites could put users’ computers in danger by allowing hackers to gain access to the users’ computer and their personal information, thus diminishing the public’s trust in the agency.”
In some instances, computer servers, which host Recovery Act data, were at risk, open to hackers who could unleash a virus onto DOT’s network.
“By exploiting the high-risk vulnerabilities, hackers could attack the computers used by the public to access the websites and gain access to sensitive data,” the report finds, “such as password files stored on servers, take control of a server and attack other computers on DOT’s networks.”
The inspector general’s office has already briefed transportation authorities on fixes for the security risks.
In August, DOT’s inspector general said the Federal Aviation Administration’s computer systems were vulnerable to cyber attacks, spurring Congress to urge FAA to make the necessary security fixes.