Our objective for this report was to assess the effectiveness of the company’s practices for identifying and tracking its operational technology assets to facilitate its ability to protect them from cybersecurity threats.We identified opportunities for the company to improve its practices for identifying and tracking its OT assets for cybersecurity purposes and made four recommendations. Given the sensitive nature of the report’s information, we have summarized the results in this public version of the report.In commenting on a draft of this report, company executives agreed with our recommendations and identified actions that the company is taking to address them.THE TRANSPORTATION SECURITY ADMININSTRATION AND THE DEPARTMENT OF TRANSPORTATION HAVE DETERMINED THAT THIS REPORT CONTAINS SENSITIVE SECUITY INFORMATION (SSI) that is controlled under 49 CFR parts 15 and 1520 to protect Sensitive Security Information exempt from public disclosure. For Amtrak OIG, public disclosure is governed by 5 U.S.C. § 552 and 49 CFR parts 15 and 1520. This public version of the report has been redacted.
Report File
Date Issued
Submitting OIG
Amtrak (National Railroad Passenger Corporation) OIG
Other Participating OIGs
Amtrak (National Railroad Passenger Corporation) OIG
Agencies Reviewed/Investigated
Amtrak (National Railroad Passenger Corporation)
Report Number
OIG-A-2023-002
Report Description
Report Type
Audit
Agency Wide
Yes
Questioned Costs
$0
Funds for Better Use
$0
Additional Details
Open Recommendations
This report has 1 open recommendations.
Recommendation Number | Significant Recommendation | Recommended Questioned Costs | Recommended Funds for Better Use | Additional Details | |
---|---|---|---|---|---|
3 | Yes | $0 | $0 | ||
Develop and implement enterprise-wide policies and procedures—including clear roles and responsibilities for all key stakeholders—as well as training for maintaining complete OT asset inventory data for cybersecurity purposes. |