OIG to audit security of FTA's financial systems

The U.S. Department of Transportation's (USDOT) Office of Inspector General (OIG) is set to audit the security of the Federal Transit Administration's (FTA) financial management systems that support federal pandemic relief funding.

Under the Coronavirus Aid, Relief and Economic Security (CARES) Act, the USDOT received over $36 billion in funding to provide emergency assistance to the transportation industry. And of that amount, the FTA received $25 billion to distribute grants for transit infrastructure to prevent, prepare for and respond to the COVID-19 pandemic. FTA uses several financial management systems to approve, monitor and distribute the funds.

However, since March, the number of attacks on federal information systems has increased through a variety of techniques, including social engineering and spear phishing, according to a Nov. 12 memorandum from Kevin Dorsey, assistant inspector general for information technology audits.

"These attacks can hinder federal agency operations and threaten the operations of the FTA's financial management information systems by affecting system and information confidentiality, availability and integrity," Dorsey wrote. "For example, an attack can result in a system outage through a denial of service, or expose personally identifiable information and result in a data breach."

The audit will assess the effectiveness of FTA's financial management systems' security controls designed to protect the confidentiality, integrity and availability of the systems and their information, Dorsey's memo stated.

The OIG plans to begin its work immediately, and will conduct he audit remotely at USDOT headquarters and contract sites as necessary.