The Homeland Security Department may have its hands full protecting the nation’s infrastructure from terrorist attacks, but the Government Accountability Office said the department needs to do much more to improve the cybersecurity of access and control systems in the thousands of buildings it operates.
In that area, DHS is only at square one, according to a recent GAO report.
According to the report, “no one at DHS is assessing or addressing cyber risk to building and access control systems particularly at the nearly 9,000 federal facilities protected by the Federal Protective Service (FPS) as of October 2014.”
Moreover, the report said, DHS lacks a strategy that “defines the problem, identifies roles and responsibilities … and identifies a methodology for assessing this cyber risk.”
The Interagency Security Committee, the division within DHS responsible for physical security standards for nonmilitary facilities, has not incorporated policies related to cyber threats in building and access control systems. The ISC attributes this failure to recent incidents of active shooters and workplace violence, which it has deemed a priority over cyber threats.