GAO - FEDERAL FACILITY CYBERSECURITY: DHS and GSA Should Address Cyber Risk to Building and Access Control Systems

The Department of Homeland Security (DHS) is responsible for protecting federal facilities, including thousands of office buildings, laboratories, and warehouses, which are part of the nation’s critical infrastructure. These facilities contain building and access control systems such as heating, ventilation, and air conditioning; electronic card readers; and closed circuit camera systems that are increasingly being automated and connected to other information systems or networks and the Internet.

As these systems are becoming more connected, their vulnerability to potential cyber-attacks. According to the National Institute on Standards and Technology, an “information system” is a discrete set of information resources organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information.

Information systems can include diverse entities ranging from high-end supercomputers, workstations, personal computers, cellular telephones, and personalized digital assistants to very specialized systems such as weapons systems, telecommunications systems, industrial/process control systems, and environmental control systems.