The Department of Transportation understands the threat against the nation’s cyber infrastructure and has made cybersecurity a top priority. DOT is taking action to respond to the threat and improve the cybersecurity posture and capabilities of the United States. The department faces the challenge of implementing the administration’s priority, responding to an increasing cyber threat, adapting its security posture to a Web 2.0/3.0 environment and achieving the goals of national cybersecurity strategic plans and initiatives. Cybersecurity priorities are:
- Standards, Policies and Directives
The OCIO ensures that DOT policies and standards inform, direct and ensure DOT implementation of federal cybersecurity initiatives, including National Security Presidential Directive 54/Homeland Security Presidential Directive 23 (NSPD-54/HSPD-23).
- Situational Awareness and Incident Response
The OCIO enhances support for the DOT Cyber Security Management Center (CSMC) and cyber incident response; enhance situational awareness of the DOT cyber infrastructure using advanced technology; and improve information sharing with the Department of Homeland Security.
- Independent Verification and Validation
The OCIO enhances verification and validation (V & V) functions as required by statute; expand the use of Office of Management and Budget-authorized reporting tools; and increase the use of automation tools to reduce the V & V burden on DOT system and service owners.
- Certification and Accreditation (C & A)
The OCIO modernizes the DOT C & A program and processes using new technology and processes; expand the use of Cyber Security Assessment and Management (CSAM) tool; and enhance data quality reviews to identify and correct performance gaps.
The OCIO enhances compliance with federal statutes and requirements to protect privacy information; ensure closure of privacy performance gaps; and expand upon V & V of the privacy postures of DOT systems.