This week the Government Accountability Office published one report on cybersecurity; “Critical Infrastructure: Actions Needed to Better Secure Internet-Connected Devices”. The report focuses on critical infrastructure oversight of IoT and OT cybersecurity at three federal agencies: DOE, HHS and TSA. The report includes nine recommendations, mainly dealing with specifically including IoT and OT technology in cyber risk assessments and including cybersecurity metrics in the respective sector specific plans.
Highlight Page .pdf - https://www.gao.gov/assets/gao-23-105327-highlights.pdf
Commentary
It is interesting that GAO overlooked the longest running federal
security program that includes oversight of critical infrastructure cybersecurity;
the Chemical Facility Anti-Terrorism Standards (CFATS) program. Many of the
recommendations could be applied to that program as well.
No comments:
Post a Comment