GAO: CISA's OT Teams Inadequately Staffed

The response teams have a staging shortage, leaving them ill-prepared to take on significant threats from different places at once.

Dark Reading Staff, Dark Reading

March 12, 2024

1 Min Read
A help wanted sign on a window
Source: Christophe Coat via Alamy Stock Photo

The Government Accountability Office (GAO) recently conducted a study on operational technology (OT) products and services provided by CISA and found that some teams were staffed inadequately.

CISA is the lead agency in aiding critical infrastructure organizations to determine risks in industrial control systems (ICS) as OT environments are increasingly targeted by malicious actors. It provides risk analysis, evaluation and analysis tools, best practices guidelines, security advisories, and training and exercises, among other things.

Of the 13 non-federal entities with which the GAO conducted its study, including researchers who contributed to CISA's OT advisories as well as OT vendors that contribute to a CISA collaboration group, 12 were able to identify positive experiences in CISA's OT products and services. There were, however, complaints that the staff was insufficient.

One example was that the threat hunting and incident response team was staffed with four federal employees and five contractors at the time of the study. Nine people is not enough to respond to OT cyberattacks in varying locations, according to the agency.

Similarly, in the span of four years, CISA was only able to fulfill 125 of 572 requests related to OT products and services because of its staff shortage.

Though CISA reportedly claims that it is working to address these shortages, the GAO recommends that the agency execute more effective workforce planning.

About the Author

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights