WASHINGTON – U.S. Senator Chuck Grassley, R-Iowa, contacted seven federal agencies with open Government Accountability Office (GAO) recommendations for improving the cybersecurity of U.S. critical infrastructure. Besides urging administrators to close the recommendations, some of which are years old, Grassley demands records on their departments’ cybersecurity testing practices and their protocols for reporting and responding to cyberattacks.
“Keeping Americans safe is job one for the federal government. Yet, many of the nine agencies charged with shielding the U.S. from cyberattacks are dragging their feet on GAO’s recommendations. Congress needs to know how those agencies are working to bolster critical infrastructure defense, or whether they’re asleep at the switch,” Grassley said of his letters.
Iowa’s senior U.S. Senator sent letters to the U.S. Department of the Treasury, Environmental Protection Agency, the U.S. Department of Transportation, U.S. Department of Homeland Security, U.S. Department of Energy, U.S. Department of Defense, and U.S. Department of Health and Human Services.
The Cybersecurity and Infrastructure Security Agency (CISA) states critical infrastructure is comprised of the “systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters.”
Nine federal agencies including the agencies that Grassley contacted, as well as, the General Services Administration and U.S. Department of Agriculture, have jurisdiction over the systems in place to deter cyberattacks on American industries.
In January, the U.S. Government Accountability Office (GAO) issued a report on the prevalence of ransomware. According to the report, this type of malware became the fourth most reported cybersecurity incident in 2022 and accounted for 15 percent of financial losses from cybersecurity attacks that year. The GAO found most policies to facilitate ransomware attack reporting are “voluntary,” and the government’s priority is to “obtain technical details… rather than collect information about impacts.”
Read Grassley’s letter to the U.S. Department of Homeland Security below:
grassley_to_dhs_-_critical_infrastructure
