GAO Report Says Federal Agencies Lack Method to Grade Critical Infrastructure Cybersecurity

Most federal agencies overseeing the security of America’s critical infrastructure still lack formal methods for determining whether those essential networks are protected from hackers, according to a new government report. Of the 15 critical infrastructure industries examined in the Government Accountability Office (GAO) report -- including banking, finance energy and telecommunications -- 12 were overseen by agencies that didn’t have proper cybersecurity metrics. These so-called “sector-specific” agencies “had not developed metrics to measure and report on the effectiveness of all of their cyber risk mitigation activities or their sectors’ cybersecurity posture," the report concluded.

The watchdog pointed the finger at the private sector, noting the agencies have to “rely on their private sector partners to voluntarily share information needed to measure efforts.” In the meantime, infrastructure necessary to maintain a functioning economy and power grid will remain vulnerable to hackers.