Amtrak uses operational technology (OT) systems to manage equipment that controls train operations, such as communications and dispatching. Disruptions to these systems resulting from a disaster—whether caused by human or technical error, natural disasters, cybersecurity attacks, or physical attacks—could cause train delays and cancellations, revenue losses, and safety risks. Accordingly, our objective was to assess the company’s disaster recovery practices for its OT systems. Given the sensitive nature of the report’s information, we summarized the results in this public version of the report. Our assessment of the company’s disaster recovery practices for its OT systems resulted in three recommendations. Company executives agreed with our recommendations and described ongoing and planned actions to address them.
Report File
Date Issued
Submitting OIG
Amtrak (National Railroad Passenger Corporation) OIG
Agencies Reviewed/Investigated
Amtrak (National Railroad Passenger Corporation)
Report Number
OIG-A-2025-003
Report Description
Report Type
Audit
Agency Wide
Yes
Questioned Costs
$0
Funds for Better Use
$0
Report updated under NDAA 5274
No
External Link
Open Recommendations
This report has 3 open recommendations.
| Recommendation Number | Significant Recommendation | Recommended Questioned Costs | Recommended Funds for Better Use | Additional Details | |
|---|---|---|---|---|---|
| 1 | Yes | $0 | $0 | ||
| Establish a mechanism to ensure that groups with disaster recovery responsibilities prioritize and enforce the company’s strategy and effectively communicate and coordinate with each other. | |||||
| 2 | Yes | $0 | $0 | ||
| For each OT system, develop, document, and implement a comprehensive disaster recovery plan that includes a process to keep the plan current. | |||||
| 3 | Yes | $0 | $0 | ||
| Develop and begin implementing a technology refresh plan with milestones for replacing outdated OT devices. | |||||
