GAO: Federal facilities open to cyberattacks

The Department of Homeland Security (DHS) lacks a coherent plan to assess and mitigate the cyber risks at federal facilities, concluded a government report released Monday.

“The absence of a strategy that clearly defines the roles and responsibilities of key components within DHS has contributed to a lack of action within the department,” said the Government Accountability Office (GAO) in its report.


As a result, nearly 9,000 federal facilities are not being properly vetted and protected, according to the GAO.

“DHS has not developed a strategy, in part, because cyber threats involving these systems are an emerging issue,” the GAO said.

The lack of a solid program is exposing federal buildings to cyberattacks, which could cause big problems, as these buildings’ more basic electronic systems (elevators, heating, air conditioning) are increasingly connected to more critical computer networks.

“The increased connectivity heightens their vulnerability to cyberattacks, which could compromise security measures, hamper agencies’ ability to carry out their missions, or cause physical harm to the facilities or their occupants.”

In recent years, the DHS has been playing a larger cybersecurity role within the government.

The department houses the expanding federal cybersecurity information center — known as the National Cybersecurity and Communications Integration Center (NCCIC) — which helps share data between federal agencies and between the government and private sector.

A number of bills passed late in 2014 also officially codified the DHS cyber role, bolstered its power to assist federal agencies following data breaches and enhanced the agency’s cyber workforce.

It’s expected that Congress will consider additional legislation this year that would further broaden the NCCIC’s role in cybersecurity information sharing.

The GAO recommended that the DHS implement a plan to assess and control the cyber risks to federal facilities. The agency agreed with the watchdog’s recommendations.

The report came out the same day hackers took down the Twitter and YouTube accounts of U.S. Central Command, and as President Obama is launching a new push on cybersecurity.