GAO Tells Coast Guard to Address Cybersecurity Vulnerabilities

The Government Accountability Office told the U.S. Coast Guard that failure to consistently apply the needed cybersecurity risk management processes puts it at a high risk of unauthorized access to its information technology and operational technology systems. The oversight agency issued the warning amid the service’s plan to spend $93 million to improve its IT systems and infrastructure, Homeland Security Today reported Friday.

In a report following an audit, the GAO noted that the Coast Guard still does not fully assess its IT network capacity needs and does not include all of its OT in its cybersecurity efforts. The auditor stressed that the service’s continued failure to properly address its cybersecurity vulnerabilities could lead to system disruptions and loss of data.

The GAO said it has also found that the Coast Guard did not consistently apply the Department of Defense Risk Management Framework for its operational technology, a failing which was attributed in part to the lack of a comprehensive and accurate inventory. It was emphasized that the Coast Guard is required to follow the framework, which establishes two different cybersecurity risk management processes for identifying and applying cybersecurity controls for IT and OT resources.

To address the USCG’s cybersecurity inadequacies, the auditor has made eight recommendations to help improve IT implementation and security. At the top of the list is asking the Coast Guard to compile a complete and accurate inventory of hardware, software and configurations.

Sign Up Now! Potomac Officers Club provides you with Daily Updates and News Briefings about Digital Modernization

Join Us Now