GAO Report: Some Agencies Lack Understanding of Critical Infrastructure’s Need for Ransomware Protection

A report by the Government Accountability Office has found that federal agencies in charge of energy, health care, manufacturing and transportation lack understanding of their sectors’ cyber posture.

The report examined six lead agencies in the four sectors and discovered that the agencies have yet to determine the extent to which businesses in their respective industries have adopted the recommendations of the National Institute of Standards and Technology nor have fully assessed their capability to support the Department of Homeland Security’s 2013 National Infrastructure Protection Plan.

GAO carried out the performance audit from August 2022 to January 2024 due to the growing number of ransomware attacks targeting manufacturing plants and health care institutions across the United States, CyberScoop reported.

Ransomware is still among the most serious and concerning cybersecurity challenges faced by the U.S. critical infrastructure sector, according to the report.

Combating ransomware attacks has been a top priority for the Biden administration. In November 2023, the White House led about 50 nations to join the Counter-Ransomware Initiative, a global effort that aims to combat ransomware attacks.