Department of Energy must do a better job of addressing cyber risks: GAO

The U.S. Department of Energy needs to do a better job addressing the power grid’s cybersecurity risks, the U.S. Government Accountability Office said in a report issued Tuesday.

The U.S. grid’s distribution systems, which carry electricity from transmission systems to consumers and are regulated primarily by states, are increasingly at risk from cyberattacks, says the GAO report, which is the third in a series of four reports on the main cybersecurity areas the federal government must urgently address.

“Distribution systems are growing more vulnerable, in part because of industrial control systems’ increasing connectivity,” the report says. “As a result, threat actors can use multiple techniques to access those systems and potentially disrupt operations.”

Because of this, it says, threat actors can use multiple techniques to access those systems and potentially disrupt operations.

The report says the Department of Energy agreed with a March 2021 GAO recommendation that it coordinate with the Department of Homeland Security, states and industry to more fully address this risk, but had not done so as of December 2022.

Other cybersecurity risks that require more attention, according to the report, are to K-12 schools, the communications sector and the oil and gas infrastructure.

It says also the Departments of Homeland Security and of Justice should enhance interagency coordination against ransomware threats and the DHS’ Cybersecurity and Infrastructure Agency needed to engage stakeholders and document strategies and goals.