Risk Management

Cyber agency must step up security efforts: GAO

Judy Greenwald

November 23, 2021 Reprints

Cyber Risks Emerging Risks Regulation Technology More + Less -

The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency should do a better job preparing the communications sector for potential security threats, says the U.S. Government Accountability Office in a report issued Tuesday.

The communications sector, which includes mostly private broadcast, cable, satellite, wireless and wired systems and networks, “faces serious physical, cyber-related, and human threats that could affect operations of local, regional and national level networks,” says the report.

But CISA has not determined which types of infrastructure owners and operators may benefit most from its cybersecurity programs or may be underrepresented in its information-sharing activities and services, the report says.

CISA has also not updated its 2015 Communications Sector-Specific Plan, even though DHS guidance recommends these plans be updated every four years, the report SAYS.

The GOA made three recommendations in its report, with which the DHS has concurred, the report said.

First, it said CISA’s director should assess the effectiveness of its programs and services. It should also assess its emergency support function capabilities and revise its sector plan, says the report, which has been presented to Congress.

The GAO said in a report issued in October that the Federal Emergency Management Agency flood hazard maps used by insurers and others in flood mitigation efforts do not reflect the best available climate science or include information on current flood hazards.