Federal watchdog warns security of US infrastructure ‘in jeopardy’ without action

A federal watchdog agency on Thursday released findings highlighting serious concerns around cybersecurity vulnerabilities in U.S. critical infrastructure, warning that these systems are “in jeopardy” if the government fails to take action.

The Governmental Accountability Office (GAO) released the report, which highlights increasing threats to the nation’s key systems over the past year to argue for the need for the federal government to take steps, including implementing a national cybersecurity strategy and enhancing federal protection of critical infrastructure. 

“If the federal government doesn’t act with greater urgency, the security of our nation’s critical infrastructure will be in jeopardy,” GAO wrote in a summary of the report. 

The report was released in conjunction with a hearing on securing the nation’s infrastructure held by the House Transportation and Infrastructure Committee on Thursday. Nick Marinos, the director of Information Technology and Cybersecurity at GAO, raised concerns in his testimony that the U.S. is “constantly operating behind the eight ball” on addressing cyber threats. 

“The reality is that it just takes one successful cyberattack to take down an organization, and each federal agency, as well as owners and operators of critical infrastructure, have to protect themselves against countless numbers of attacks, and so in order to do that, we need our federal government to be operating in the most strategic way possible,” Marinos testified to the committee. 

According to the report, GAO has made over 3,700 recommendations related to cybersecurity at the federal level since 2010, and around 900 of those recommendations have not been addressed. Marinos noted that 50 of the unaddressed concerns are related to critical infrastructure cybersecurity. 

“Clearly, there is a lot more work to do, and we think that agencies need to move with a much greater sense of urgency to improve their cybersecurity protections,” Marinos testified. 

The findings were made public in the wake of several high profile cyberattacks on critical infrastructure organizations over the past year. These included the ransomware attack in May on Colonial Pipeline, which temporarily crippled fuel supply to the East Coast, and the unsuccessful attempt by a hacker in February to poison the water supply in Oldsmar, Fla. 

GAO has listed cybersecurity as a key area of government risk since 1987, finding in its most recent “high risk” report submitted to Congress earlier this year that government cybersecurity has “regressed” since 2019. 

Marinos pointed to these continuing concerns by GAO in highlighting the urgent need for more action.

“In order for our nation to overcome its ever mounting and increasing array of cyber challenges, our federal government needs to do a better job of implementing strategy, oversight, and coordination among federal agencies and with the owners and operators that are on the front lines of this digital battle,” Marinos testified.