Risk Management

Federal government must amp up cybersecurity: GAO

Judy Greenwald

December 02, 2021 Reprints

Cyber Risks Emerging Risks Regulation Technology More + Less -

Federal cybersecurity actions are urgently needed to better protect the nation’s infrastructure, says the U.S. Government Accountability Office, in a GAO official’s testimony prepared for a Congressional subcommittee, which says many of its recommendations have not been implemented.

“Recent events, including the ransomware attack that led to a shutdown of a major U.S. fuel pipeline, have illustrated that the nation’s critical infrastructure and the federal government’s IT systems continue to face growing cyber threats,” said Nick Marinos, GAO director, information technology and cybersecurity, in testimony scheduled to be delivered Thursday before the House of Representatives’ committee on transportation and infrastructure.

The executive branch “urgently needs to establish and implement a comprehensive national cyber strategy” and the federal government needs to strengthen its role in protecting the critical infrastructure’s cybersecurity, the report said.

The report said about 50 of the 80 recommendations the GAO has made in public reports since 2010 had not been implemented as of November.

Specific agencies cited as failing to implement the GAO’s recommendations are the Federal Aviation Administration, the Transportation Security Administration, the Cybersecurity and Infrastructure Security Agency; the Department of Energy; the Department of Education; and the Department of the Treasury.

Separately, the TSA said Thursday it has issued two new security directives and additional guidance for voluntary measures to strengthen cybersecurity across the transportation sector.