WASHINGTON, D.C. – Monday was not a good day for the federal government.
In the middle of President Obama’s speech at the Federal Trade Commission to announce his new cybersecurity and identity theft program, the U.S. Central Command’s Twitter and YouTube pages were hacked by supposed ISIS sympathizers. And if that timing wasn’t good enough, a report released by the Government Accountability Office the same morning warns of a much needed upgrade to the access codes in government agency buildings.
The GAO report found that the access control systems of the Department of Homeland Security and the General Services Administration–which is in charge of all government agency buildings—are at risk to cyber hacks. Susceptible parts of the system include building entry, elevator use, electrical power, heating, ventilation and air conditioning. The controls are located on the same system and interconnected, making them vulnerable to hackers who could control the facilities through a single hack, a vulnerability the GAO says could “cause physical harm to the facilities or their occupants.”
The GAO also found that DHS lacks a strategy to address risks to building access controls, leaving the nearly 9,000 federal facilities in desperate need of a new security strategy. Additionally, no one at the agency has the role of developing a plan to fix any security concerns.
An official at the DHS told GAO that the agency has not yet developed a strategy to address hacking of its building access codes “because cyber threats involving these systems are an emerging issue.”
Critical infrastructure susceptibility is a concern of many security experts who view the often archaic practices employed by government offices and agencies as easy targets to hackers. DecodeDC looked into the truth behind the fears in a podcast. Listen Here: