Federal Facility Cybersecurity: DHS and GSA Should Address Cyber Risk to Building and Access Control Systems, Report to Congressional Requesters   [open pdf - 5MB]

From the Highlights: "Federal facilities contain building and access control systems--computers that monitor and control building operations such as elevators, electrical power, and heating, ventilation, and air conditioning--that are increasingly being connected to other information systems and the Internet. The increased connectivity heightens their vulnerability to cyber attacks, which could compromise security measures, hamper agencies' ability to carry out their missions, or cause physical harm to the facilities or their occupants. GAO's [Government Accountability Office] objective was to examine the extent to which DHS and other stakeholders are prepared to address cyber risk to building and access control systems in federal facilities. GAO reviewed DHS's and other stakeholders' authorities to protect federal facilities from cyber attacks ; visited selected FPS [Federal Protective Service]-protected facilities to determine what stakeholders were doing to address cyber risks to these systems; and interviewed experts about the cyber vulnerability of building and access control system s and related issues. GAO also reviewed GSA's [General Services Administration] security assessment process and a sample of reports. […] GAO recommends that DHS (1) develop and implement a strategy to address cyber risk to building and access control systems and (2) direct ISC [Interagency Security Committee] to revise its Design-Basis Threat report to include cyber threats to building and access control systems. GAO also recommends that GSA assess cyber risk of its building control systems fully reflecting FISMA [Federal Information Security Management Act of 2002] and its guidelines."

Report Number:
Public Domain
Retrieved From:
Government Accountability Office: http://www.gao.gov/
Media Type:
Help with citations