House Committee on Transportation & Infrastructure Hearing on “The Evolving Cybersecurity Landscape: Federal Perspectives on Securing the Nation's Infrastructure”
December 2, 2021
Testimony of U.S. Department of Transportation Chief Information Officer Cordell Schachter
Chair DeFazio, Ranking Member Graves, and Members of the Committee, thank you for the opportunity to testify before you today, and for your support of the Department of Transportation (DOT). I am honored to be here with Federal Aviation Administration (FAA) Chief Information Security Officer Larry Grossman, US DOT Office of Inspector General (OIG) Assistant Inspector General for IT Audits, Kevin Dorsey, and officials from the US Coast Guard, the Transportation Security Administration, and the U.S. Government Accountability Office (GAO).
I was appointed US DOT’s Chief Information Officer, or CIO on August 30th of this year. My testimony today is based on my observations and review of DOT records during my 3 months in this position. My testimony is also informed by my 26 years of service as a local government official in New York City (NYC), 13 years of that service as Chief Technology Officer and CIO of New York City’s Department of Transportation. In between 2 tours of NYC government service, I worked 9 years for several multi-national technology companies. I have also taught masters level courses in civic technology at New York University in NYC and at Saint Peter’s University in Jersey City, New Jersey. I believe US DOT’s cyber security program has
improved the department’s information security posture and we’re on a path for continual improvement according to government best practices.
US DOT’s executive ranks have many positions filled by professionals with the knowledge and the experience of providing service directly to the public. This begins with Secretary Pete Buttigieg, Deputy Secretary Polly Trottenberg, and the leaders of many of our Operating Administrations or modes. They have also held key elected and appointed leadership positions in cities and states solving problems, protecting citizens, and improving the quality of life of their constituents. We now have before us one of the greatest opportunities to improve the quality of life for all Americans. We look forward to partnering with Congress and our sister federal agencies to implement the landmark Bipartisan Infrastructure Law. In fact, on the same day that President Biden signed the Law, he executed an Executive Order to ensure—among other priorities—increased coordination across the public sector to implement it effectively.
Our executive leadership team’s experience includes making improvements to systems while they continue to operate. Similarly, we’ll continue to improve our existing systems to make them more secure, while they continue to operate, so that they resiliently support DOT’s operations and the American people.
I want to transparently acknowledge that we have multiple open findings from previous OIG and GAO cybersecurity audits. I have designated cyber security improvement as the top priority for DOT’s Information Technology organization, the Office of the Chief Information Officer.
We have begun a series of “cyber sprints” that will establish Plans of Action and Milestones to meet our federal cyber security requirements and implement best practices, including those from President Biden’s Executive Order 14028 Improving the Nation's Cybersecurity; the Federal Information Technology Acquisition Reform Act (FITARA); the Federal Information Security Management Act (FISMA); Office of Management and Budget (OMB) memoranda; the National Institute for Standards and Technology (NIST) Cybersecurity Framework; and inspector general and GAO findings.
DOT is actively working to meet its responsibilities to securely improve the Department’s information technology infrastructure while implementing our portions of the Bipartisan Infrastructure Law. We will also meet the challenge of continuously improving the cybersecurity of DOT information technology systems while keeping those systems available for use. We look forward to working with this Committee, our agency partners, and the White House to strengthen and protect our infrastructure and systems. Thank you again for the opportunity to testify. I will be happy to answer your questions.