GAO: CISA's OT Teams Inadequately Staffed

We Keep you Connected

GAO: CISA's OT Teams Inadequately Staffed

The response teams have a staging shortage, leaving them ill-prepared to take on significant threats from different places at once.
March 12, 2024
The Government Accountability Office (GAO) recently conducted a study on operational technology (OT) products and services provided by CISA and found that some teams were staffed inadequately.
CISA is the lead agency in aiding critical infrastructure organizations to determine risks in industrial control systems (ICS) as OT environments are increasingly targeted by malicious actors. It provides risk analysis, evaluation and analysis tools, best practices guidelines, security advisories, and training and exercises, among other things.
Of the 13 non-federal entities with which the GAO conducted its study, including researchers who contributed to CISA's OT advisories as well as OT vendors that contribute to a CISA collaboration group, 12 were able to identify positive experiences in CISA's OT products and services. There were, however, complaints that the staff was insufficient.
One example was that the threat hunting and incident response team was staffed with four federal employees and five contractors at the time of the study. Nine people is not enough to respond to OT cyberattacks in varying locations, according to the agency.
Similarly, in the span of four years, CISA was only able to fulfill 125 of 572 requests related to OT products and services because of its staff shortage.
Though CISA reportedly claims that it is working to address these shortages, the GAO recommends that the agency execute more effective workforce planning.
Dark Reading Staff
Dark Reading
Dark Reading is a leading cybersecurity media site.
You May Also Like
Assessing Your Critical Applications’ Cyber Defenses
Unleash the Power of Gen AI for Application Development, Securely
The Anatomy of a Ransomware Attack, Revealed
How To Optimize and Accelerate Cybersecurity Initiatives for Your Business
Building a Modern Endpoint Strategy for 2024 and Beyond
Cybersecurity’s Hottest New Technologies – Dark Reading March 21 Event
Black Hat Asia – April 16-19 – Learn More
Industrial Networks in the Age of Digitalization
Zero-Trust Adoption Driven by Data Protection
How Enterprises Assess Their Cyber-Risk
Privileged Access Management Checklist
State of the Intelligent Information Management Industry in 2021
Gcore Radar
Demystifying Zero Trust in OT
Secure Access for Operational Technology at Scale
Fortinet Named a Leader in the Forrester Wave: Zero Trust Edge (ZTE) Solutions
Mandiant Threat Intelligence at Penn State Health
Cybersecurity’s Hottest New Technologies – Dark Reading March 21 Event
Black Hat Asia – April 16-19 – Learn More
Copyright © 2024 Informa PLC Informa UK Limited is a company registered in England and Wales with company number 1072954 whose registered office is 5 Howick Place, London, SW1P 1WG.