Department of Transportation

Safety is the U.S. Department of Transportation’s (DOT) top priority reflected in the DOT Strategic Plan 2012-2016. The DOT recognized that Cybersecurity is a key element to realizing their safety goals. In order to achieve this, the Chief Information Security Officer is focused on strengthening the Department’s security posture through continuous monitoring, network situational awareness, and secure access control. In FY12 DOT decided that a structured, coordinated, and programmatic approach would be used to promote the confidentiality, integrity, and availability of DOT utilized information and systems. A Cyber Safety Team, supported by Phase One, is in place with strong program management skills and security expertise to support the Chief Information Security Officer and the Chief Information Officer.

Why This Matters To You

Cybersecurity is a growing challenge across both the public and private sectors due to increasing connectivity and reliance on technology. Critical infrastructure, including the nation’s air traffic control system and high speed rail, relies on a vast network of information technology that must operate in a secure environment.

The DOT recognizes the criticality of its systems and the opportunity to enhance its security posture to benefit both the traveling public and the nation’s economy. As such, ensuring the Department adheres to guidance provided by other agencies – such as National Institute of Standards and Technology
(NIST) – to implement the most current security standards and to remediate known vulnerabilities is of both operational and strategic importance.

Implementing technology solutions that will enable continuous monitoring, network situational awareness, and secure access control will allow the DOT to transition from a defensive posture to a proactive posture where its security experts can focus on identi- fying emerging threats before new vulnerabilities emerge.

How We Helped

Phase One has been supporting the Department’s Cybersecurity, Privacy, and Information Assurance Team, since 2010. Given the role of providing overall coordination and program management support, our team has worked with the Information System Security Managers from the Operating Administrations (OA), such as the Federal Aviation Administration (FAA), to implement DOT’s identity management strategy to align with federal identify, credential, and access management guidance. We have also worked closely
with other DOT offices to fully leverage the personal identification verification (PIV) card.

The Phase One team assisted in the implementation and configuration of tools that enable network and security situational awareness and compliance. Our team manages the DOT enterprise security services ensuring these capabilities meet OCIO and OA requirements, are fully leveraged, cost-efficient, and kept up-to-date with the latest federal requirements and standards.

The Phase One team also developed policies and created procedural guidance to aid the DOT OAs in applying proper security controls to improve the Cybersecurity posture of the Department.