National Transportation Safety Board: Progress Made in Management Practices, Investigation Priorities, Training Center Use, and Information Security, But These Areas Continue to Need Improvement
Highlights
The National Transportation Safety Board (NTSB) plays a vital role in advancing transportation safety by investigating accidents, determining their causes, issuing safety recommendations, and conducting safety studies. To support its mission, NTSB's training center provides training to NTSB investigators and others. It is important that NTSB use its resources efficiently to carry out its mission. In 2006, GAO made recommendations to NTSB in most of these areas. In 2007, an independent auditor made information security recommendations. This testimony addresses NTSB's progress in following leading practices in selected management areas, increasing the efficiency of aspects of investigating accidents and conducting safety studies, increasing the utilization of its training center, and improving information security. This testimony is based on GAO's assessment of agency plans and procedures developed to address these recommendations.
Recommendations
Recommendations for Executive Action
Agency Affected | Recommendation | Status |
---|---|---|
National Transportation Safety Board | To assist NTSB in continuing to strengthen its overall management of the agency as well as information security, and to ensure that Congress is kept informed of progress in improving the management of the agency, the Chairman of NTSB should report on the status of GAO recommendations concerning management practices in the agency's annual performance and accountability report or other congressionally approved reporting mechanism. | GAO found in 2008 that it was important that Congress have updated information on challenges that the agency faced in improving its management for its continuing oversight, but that there was no reporting requirement for its management challenges not related to information security. GAO recommended that NTSB report on the status of GAO recommendations concerning management practices in the agency's annual performance and accountability report or other congressionally approved reporting mechanism. In its 2009 Annual Report to Congress, issued in July 2010, NTSB reported on the status of GAO's recommendations concerning management practices. This ensures that Congress has updated... information that it needs for oversight.
View More |
National Transportation Safety Board | To assist NTSB in continuing to strengthen its overall management of the agency as well as information security, the Chairman should direct NTSB's Chief Information Officer to encrypt information/data on all laptops and mobile devices unless the data are determined to be non-sensitive by the agency's deputy director or his/her designate. | In 2008, GAO found that NTSB information and information systems were at increased risk of unauthorized access and unauthorized disclosure. GAO recommended that NTSB encrypt information/data on all laptops unless the data were determined to be non-sensitive. GAO performed limited testing to verify that NT SB has implemented its recommendation to install encryption software. Agency officials confirmed, however, that while encryption software is operational on 410 of the agency's approximately 420 laptop computers, the remaining laptops do not have encryption software installed because they do not include sensitive information and are not removed from the headquarters building. With this...
|
National Transportation Safety Board | To assist NTSB in continuing to strengthen its overall management of the agency as well as information security, the Chairman should remove user's local administrative privileges from all workstations except administrators' workstations, where applicable, and document any exceptions granted by the Chief Information Officer. | In fiscal year 2008 we testified that National Transportation Safety Board (NTSB) had inappropriately granted excessive access privileges to users. Users with local administrator privileges on their workstations had complete control over all local resources, including accounts and files, and had the ability to load software with known vulnerabilities, either unintentionally or intentionally, and to modify or reconfigure their computers in a manner that could negate network security policies as well as provide an attack vector into the internal network. As a result, increased risk existed that these users could compromise NTSB computers and internal network. We recommended that NTSB...
|