Technology: Results of Audit Assessing the Company’s Disaster Recovery Practices for Its Operational Technology Systems

Amtrak uses operational technology (OT) systems to manage equipment that controls train operations, such as communications and dispatching. Disruptions to these systems resulting from a disaster—whether caused by human or technical error, natural disasters, cybersecurity attacks, or physical attacks—could cause train delays and cancellations, revenue losses, and safety risks. Accordingly, our objective was to assess the company’s disaster recovery practices for its OT systems. Given the sensitive nature of the report’s information, we summarized the results in this public version of the report. Our assessment of the company’s disaster recovery practices for its OT systems resulted in three recommendations. Company executives agreed with our recommendations and described ongoing and planned actions to address them.