9,000 US federal facilities vulnerable to cyber threats – govt report
The US Department of Homeland Security has no coordinated strategy to counter cyber-attacks targeting basic electronic systems in government buildings, a report by the US Government Accountability Office has revealed.
Many components of modern remotely-controlled operation maintenance systems, such as elevators, electrical power, central heating and air conditioning, are increasingly incorporated into computer networks with internet connections.
According to the latest Government Accountability Office (GAO) report: “The increased connectivity heightens their vulnerability to cyber-attacks, which could compromise security measures, hamper agencies’ ability to carry out their missions, or cause physical harm to the facilities or their occupants.”
The report says that as of October 2014, electronic service systems in nearly 9,000 America’s government buildings protected by the Federal Protective Service (FPS, an integral part of the DHS) are not guarded properly against outside hacker attack due to the DHS lacking a solid plan to deal with this threat.
“The absence of a strategy that clearly defines the roles and responsibilities of key components within DHS has contributed to a lack of action within the department,” the GAO said in its report.
The GAO partly excuses the Department of Homeland Security’s failure, however, saying that the “DHS has not developed a strategy, in part, because cyber threats involving these systems are an emerging issue.”
To a certain extent that could be true, yet Hollywood’s “Live Free or Die Hard” blockbuster (released at Die Hard 4.0 outside the US) vividly exposed the potentially dire consequences of such cyber-attacks against government infrastructure in 2007.
The DHS has taken the leading role in providing cyber security for government offices in recent years. The agency runs the National Cybersecurity and Communications Integration Center (NCCIC) responsible for data sharing between the government, federal agencies and America’s private sector.
In 2014, American legislators codified the DHS’s leading role in providing cyber security to government entities nationwide, with even more bills expected to pass Congress in 2015.
The role of the NCCIC in cyber security information-sharing is expected to grow, and the DHS has already agreed with the GAO’s recommendation to estimate and monitor the cyber risks to US federal facilities.
The publication of the GAO report coincided with a hacker attack on the US Central Command’s Twitter and YouTube accounts, which definitely lay outside the DHS responsibility, yet used by the Obama administration to announce a further push for additional cyber security measures.
The GAO report comes shortly after a warning from former NSA contractor Edward Snowden, who told PBS' NOVA Next program that the US should focus on cyber security, rather than cyber offensive operations.
“When it comes to our technical economy, we have more to lose than any other nation on Earth,” Snowden said.