GAO Report Examines Approach of DHS to Addressing Cyber Risks to Building and Access Control Systems (with Lofchie Comment)
The U.S. Government Accountability Office ("GAO") issued a study describing the preparedness of the Department of Homeland Security ("DHS") regarding cybersecurity risks to building and access controls systems in federal facilities.
GAO found that the DHS lacks a strategy to (i) define the problem, (ii) identify the roles and responsibilities for securing systems, (iii) analyze the resources needed and (iv) identify a methodology for assessing cyber risks. GAO explained that the DHS has "not effectively" articulated a plan for organizing and prioritizing efforts to address the cyber risks facing DHS facilities.
GAO recommended that the DHS (i) develop and implement a strategy to address cyber risk, in addition to the Interagency Security Committee, and (ii) revise its Design-Basis Threat report to include cyber threats to building and access control systems.
Lofchie Comment: While this news item is not closely related to financial regulation, it emphasizes the breadth of concerns regarding cyber risk.