of Government Accountability Office (GAO) recently conducted the following study: Operational technology As we leveraged the (OT) products and services provided by CISA, we found that some teams were understaffed.
CISA is the lead agency in support critical infrastructure organization determine the risk of industrial control system (ICS) OT environments are increasingly targeted by malicious attackers. We provide risk analysis, assessment and analysis tools, best practice guidelines, security recommendations, training and exercises, and more.
Of the 13 non-federal agencies surveyed by GAO, including researchers who contributed to CISA's OT recommendations and OT vendors who contributed to the CISA Collaborative Group, 12 reported positive experiences with CISA's OT products and services. was able to identify.However, there were also complaints such as: There were not enough personnel.
As an example, at the time of the study, the threat hunting and incident response team was staffed by four federal employees and five contractors. The agency said nine people are not enough to respond to OT cyberattacks in various locations.
Similarly, CISA was only able to respond to 125 out of 572 requests related to OT products and services over a four-year period due to staff shortages.
Even though it's CISA reportedly Although GAO claims it is working to address these shortfalls, GAO recommends that agencies implement more effective workforce planning.