Federal buildings are unprepared for potential cyber attacks on their security systems, elevators, heating and cooling networks and other critical operations because the Department of Homeland Security doesn’t have a handle on the risks.
At stake are thousands of vulnerable facilities, including the offices of federal employees and structures that house high-risk items such as drugs and weapons.
Those are the findings from a Government Accountability Office report this week that said DHS lacks a strategy for protecting government buildings from hackers, terrorists, corrupt employees and criminal groups who might want to breach their networks.
Auditors determined that the increased digital connectivity with federal facilities “heightens their vulnerability to cyber attacks, which could compromise security measures, hamper agencies’ ability to carry out their mission, or cause physical harm.”
GAO released its findings on Monday, the same day President Obama gave a speech about national cybersecurity efforts and hackers took control of two social media accounts operated by the U.S. military’s Central Command, posting threatening messages and Islamist propaganda videos.
The watchdog report said the Department of Homeland Security, which is responsible for protecting federal buildings, has failed to formulate a plan for dealing with the vulnerability of government facilities.
“No one within DHS is assessing or addressing cyber risk to building and access control systems … in part, because cyber threats involving these systems are an emerging issue” the report said.
GAO recommended that Homeland Security define the problem, identify roles and responsibilities for dealing with them and figure out what resources will be needed to keep the facilities safe, among other proposals.
DHS agreed with the proposals, saying in a management-response letter that the department is “committed to collaborating with its public, private and international partners to secure cyberspace and America’s cyber assets to safeguard critical infrastructure systems from cyber threats and attacks.”
DHS also said its Interagency Security Committee would work with the General Services Administration to plan an initial review of cyber risks for federal buildings and try to issue guidance on appropriate countermeasures by the end of October.