The White House’s goal of bolstering the cyber resilience of critical infrastructure is being threatened by US federal agencies’ lack of oversight of ransomware protections, according to a new Government Accountability Office (GAO) report.
The GAO noted that some agencies only assess the adoption of basic cybersecurity protections and general guidance in critical sectors like energy and healthcare, rather than federal guidelines on addressing ransomware specifically.
The report analyzed ransomware mitigation strategies in four critical infrastructure sectors – critical manufacturing, energy, healthcare and public health, and transportation.
Most federal agencies that lead and manage risk for four critical sectors have assessed or plan to assess risks associated with ransomware, according to the GAO.
However, the agencies have not fully gauged the use of leading cybersecurity practices or whether federal support has mitigated risks effectively in the sectors.
The findings come amid surging ransomware attacks in the past year, and prominent energy and water companies hit at the start of 2024.
Bolstering the cyber resilience of critical industries is a key aim of the White House’s National Cybersecurity Strategy, which was unveiled in 2023.
No tags.
