By Amanda Vicinanzo
Senior Editor of Homeland Security Today
Special to In Homeland Security
Amid reports that US Central Command’s social media accounts were attacked by hackers claiming allegiance to the Islamic State (IS), the Government Accountability Office (GAO) issued an audit report indicating DHS is unprepared to address the increasing vulnerability of federal facilities to cyber attacks.
GAO found the Department of Homeland Security (DHS)—the agency responsible for protecting federal facilities—lacks a strategy to address cyber risk to building and access control systems in federal facilities. Consequently, the nearly 9,000 federal facilities protected by Federal Protection Services (FPS) remain vulnerable to cyber threats.
“Federal facilities contain building and access control systems—computers that monitor and control building operations such as elevators, electrical power, and heating, ventilation, and air conditioning—that are increasingly being connected to other information systems and the Internet,” GAO said.
The GAO auditors added, “The increased connectivity heightens their vulnerability to cyber attacks, which could compromise security measures, hamper agencies’ ability to carry out their missions, or cause physical harm to the facilities or their occupants.”
The increase in the connectivity of these systems has also led to an increase in vulnerability to cyber attacks. For example, in 2009, a security guard in a Dallas-area hospital uploaded malware to a hospital computer which controlled the heating, air conditioning, and ventilation for two floors. Court documents indicate that the breach could have interfered with patient treatment, highlighting the danger cyber intrusions pose to building and access control systems.
A cyber expert told GAO these systems were not designed with cybersecurity in mind.
“Security officials we interviewed also said that cyber attacks on systems in federal facilities could compromise security countermeasures, hamper agencies’ ability to carry out their missions, or cause physical harm to the facilities and their occupants,” GAO said.
Sources of cyber threats to building and access control systems include corrupt employees, criminal groups, hackers and terrorists. In particular, insiders—which include disgruntled employees, contractors or other persons abusing their positions of trust—represent a significant threat to these systems.
Read the full article at Homeland Security Today
Comments are closed.