Enhanced industrial control systems cybersecurity for energy and communications sector among top recommendations in new GAO cybersecurity assessment.
A new US Government Accountability Office (GAO) assessment of the cybersecurity of the nation's critical infrastructure recommends a more robust role for the federal government in protecting industrial control systems (ICS) — particularly those operating the country's energy grid and communications networks.
The GAO in its report noted that the US Department of Energy's cybersecurity plan does not address vulnerabilities in individual energy grids' distribution systems.
"We recommended that, in developing plans to implement the national cybersecurity strategy for the grid, DOE coordinate with DHS, states, and industry to more fully address risks to the grid’s distribution systems from cyberattacks," the report said.
The GAO's assessment also calls on the Cybersecurity and Infrastructure Agency (CISA) to improve coordination and incident management among all levels of government — local, regional, and national — to protect against ransomware cyberattacks.
CISA is also called out by the GAO for its lack of attention on US communications network cybersecurity. The report added CISA has not updated its Communications Sector-Specific plan since 2015. CISA should also engage with the US Secret Service to respond to ransomware attacks on tribal, state, local, and territorial governments, the GAO report recommends.
This latest audit of infrastructure and industrial control systems is the third from the GAO on the cybersecurity of the nation. In the new report, GAO calls out the federal government for its slow response to previous recommendations by the agency.
"We've made 106 public recommendations in this area since 2010," the report said. "Nearly 57% of those recommendations had not been implemented as of December 2022."
About the Author(s)
You May Also Like
Defending Against Today's Threat Landscape with MDR
April 18, 2024The fuel in the new AI race: Data
April 23, 2024Securing Code in the Age of AI
April 24, 2024Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024