Write Up:

Statewide, MoDOT maintains thousands of computer devices. Keeping those computers safe from outside threats is a 24-hour responsibility using the latest security measures.  

In fiscal year 2020, there was a total of 56 incidents, an average of 14 incidents per quarter.  During the first quarter of FY 2021, MoDOT reported 13 cybersecurity incidents, the same as the first quarter of FY 2020. All incidents were related to users accessing or attempting to access internet sites with malicious content.  Malicious links are common in emails or on web pages. The Information Systems Division manages a proofpoint email relay and threat protection to combat cyber threats. During the first quarter of FY 2021, there were 3,560 email threats identified and thwarted.  Of those threats, 1,484 (42%) were links to internet sites, 1,997 (56%) were attachments, 63 included both and 16 were text message threats.

  

New technology products and some policy changes are aiding to reduce the number of cybersecurity incidents. The new technology consists of a more robust tool to target and trap malicious email phishing campaigns. Along with this new tool, policy changes to increase the strength of user passwords have been implemented.  

MoDOT continues to emphasize cybersecurity and to provide training for all department computer users. The cybersecurity oversite team works to define areas of vulnerability and deploy solutions to address risks. In addition, MoDOT utilizes the Office of Administration’s network firewall service, endpoint cybersecurity detection and remediation services to provide increased cyber protection.

Purpose of the Measure:

This measure reports the number of MoDOT cybersecurity incidents compared to other state agencies. An incident is defined as any threat that a standard anti-virus protection software cannot detect.

Measurement and Data Collection:

Data for this measure is captured from the state Office of Administration of Cybersecurity.

The target for this measure is zero.