GAO Calls for Action to Protect Cybersecurity of Critical Energy, Communications Networks

Enhanced industrial control systems cybersecurity for energy and communications sector among top recommendations in new GAO cybersecurity assessment.

Dark Reading Staff, Dark Reading

February 8, 2023

1 Min Read
Electrical towers and lines
Source: Jason O. Watson via Alamy Stock Photo

A new US Government Accountability Office (GAO) assessment of the cybersecurity of the nation's critical infrastructure recommends a more robust role for the federal government in protecting industrial control systems (ICS) — particularly those operating the country's energy grid and communications networks.

The GAO in its report noted that the US Department of Energy's cybersecurity plan does not address vulnerabilities in individual energy grids' distribution systems.

"We recommended that, in developing plans to implement the national cybersecurity strategy for the grid, DOE coordinate with DHS, states, and industry to more fully address risks to the grid’s distribution systems from cyberattacks," the report said.

The GAO's assessment also calls on the Cybersecurity and Infrastructure Agency (CISA) to improve coordination and incident management among all levels of government — local, regional, and national — to protect against ransomware cyberattacks.

CISA is also called out by the GAO for its lack of attention on US communications network cybersecurity. The report added CISA has not updated its Communications Sector-Specific plan since 2015. CISA should also engage with the US Secret Service to respond to ransomware attacks on tribal, state, local, and territorial governments, the GAO report recommends.

This latest audit of infrastructure and industrial control systems is the third from the GAO on the cybersecurity of the nation. In the new report, GAO calls out the federal government for its slow response to previous recommendations by the agency.

"We've made 106 public recommendations in this area since 2010," the report said. "Nearly 57% of those recommendations had not been implemented as of December 2022."

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights