March 12, 2024 at 09:51AM
The US Government Accountability Office conducted a study on CISA’s operational technology (OT) cybersecurity products and found some teams were understaffed. While CISA offers various security products and guidance, the GAO report identified staffing issues impacting incident response and architecture design reviews. CISA is urged to improve workforce planning. SecurityWeek’s inquiry about the agency’s response to these issues remains unanswered.
From the meeting notes, some key takeaways include:
– CISA’s OT security products and services are considered crucial for addressing risks associated with industrial control and other OT systems.
– The GAO study, which involved collaboration with non-federal entities and other federal agencies, found generally positive experiences with CISA’s OT-focused products and services, but also revealed concerns about insufficient staff with the requisite OT skills.
– Specific examples were provided, such as the inadequate staffing for threat hunting and incident response, and the inability to fulfill the majority of OT-related review requests due to insufficient staff.
– The GAO advised CISA to engage in more effective workforce planning and while the study was conducted several months ago, the agency informed the GAO that it had been working on addressing workforce-related issues at that time.
– CISA was requested to respond to inquiries from SecurityWeek about the workforce issues and the status of the incident response team, but there’s been no response from the agency as of now.