GAO cybersecurity report
New GAO Report Highlights Gaps in Federal Cyber Critical Infrastructure Measures
The Government Accountability Office has released the third report in a four-part series outlining high cybersecurity risks to the government. The third report highlights potential vulnerabilities in cyber critical infrastructure and how federal agencies can mitigate them.
GAO flagged gaps in the Department of Energy’s plans to protect the electric grid for malicious actors, noting that supply chain vulnerabilities have yet to be addressed. The Energy Department was urged to work with the Department of Homeland Security, state governments and the private sector to account for potential threats to industrial control systems.
Another agency that has neglected feedback from GAO is the Cybersecurity and Infrastructure Security Agency, which has not evaluated existing programs supporting the communications sector’s resilience. CISA has also not updated a 2015 strategy to address emerging threats.
GAO also followed up on a September 2022 recommendation to CISA, the FBI and the Secret Service regarding support for state, local, tribal and territorial governments hit by ransomware. The three agencies were called to follow collaborative practices and define vague procedures, GAO said.
The second report, released earlier in February, focused on information systems. One suggestion offered by GAO was for CISA to complete the implementation of an organizational plan to accelerate goal achievement.
Tags: cyber critical infrastructure cybersecurity Cybersecurity and Infrastructure Security Agency Department of Energy Government Accountability Office