A brand new US Authorities Accountability Workplace (GAO) evaluation of the cybersecurity of the nation’s essential infrastructure recommends a extra strong function for the federal authorities in defending industrial management techniques (ICS) — significantly these working the nation’s power grid and communications networks.
The GAO in its report famous that the US Division of Vitality’s cybersecurity plan doesn’t handle vulnerabilities in particular person power grids’ distribution techniques.
“We really useful that, in growing plans to implement the nationwide cybersecurity technique for the grid, DOE coordinate with DHS, states, and trade to extra totally handle dangers to the grid’s distribution techniques from cyberattacks,” the report mentioned.
The GAO’s evaluation additionally calls on the Cybersecurity and Infrastructure Company (CISA) to enhance coordination and incident administration amongst all ranges of presidency — native, regional, and nationwide — to guard towards ransomware cyberattacks.
CISA can be known as out by the GAO for its lack of consideration on US communications community cybersecurity. The report added CISA has not up to date its Communications Sector-Particular plan since 2015. CISA also needs to interact with the US Secret Service to reply to ransomware assaults on tribal, state, native, and territorial governments, the GAO report recommends.
This newest audit of infrastructure and industrial management techniques is the third from the GAO on the cybersecurity of the nation. Within the new report, GAO calls out the federal authorities for its gradual response to earlier suggestions by the company.
“We have made 106 public suggestions on this space since 2010,” the report mentioned. “Practically 57% of these suggestions had not been carried out as of December 2022.”
