Write Up:

MoDOT uses thousands of computer devices to get work completed from multiple locations around the state. Keeping those computers safe from outside computer threats is a 24-hour job using the latest security measures. 

During this past reporting period, MoDOT reported nine cybersecurity incidents, which is a decrease of 16 incidents from the previous quarter. There was a total of 49 incidents for FY 2020 compared to 61 incidents for the same reporting timeframe in FY 2019.  All nine incidents are related to users accessing or attempting to access sites with malicious content, with two of the nine incidents related to mobile devices.

New technology products, as well as the addition of some policy changes, are aiding in helping to reduce the number of cybersecurity incidents. The new technology consists of a more robust tool to target and trap malicious email phishing campaigns. Along with this new tool, new policy changes to increase the length and strength of user passwords have also been implemented.  

MoDOT continues to emphasize cybersecurity and provides cybersecurity training for all department computer users. The department's cybersecurity oversite team works to define areas of vulnerability and deploy solutions to address those risks. In addition, MoDOT utilizes the Office of Administration’s network firewall service, as well as endpoint cybersecurity detection and remediation services to provide increased cyber protection.

Purpose of the Measure:

This measure reports the number of MoDOT cybersecurity incidents compared to state agencies. An incident is defined as any threat that standard anti-virus protection software can’t detect.

Measurement and Data Collection:

Data for this measure is captured from the OA Office of Cybersecurity. The target for this measure is zero.