What if the headquarters of a massive government agency like the Department of Defense was sent into a frenzy – electricity abruptly shut off, door locks and security cameras disabled – all at the will of a hacker behind a computer screen on the other side of the globe?
If this sounds like something out of a spy thriller, an Edward Snowden dream or an episode of 24 – guess again. Auditors say government facilities are completely vulnerable to such a scenario, which would go far beyond having a Twitter or YouTube account hacked.
Related: Why Cyber Crime is Now the Top Threat Facing the U.S.
A new report from the Government Accountability Office finds that the Department of Homeland Security isn’t prepared to protect agencies against cyber attacks targeting federal facilities.
Though most attention on cyber threats focuses on how hackers could retrieve sensitive information stored on computers, this report looks at how cyber attacks could compromise the security of federal buildings – and the people and documents in them.
In most large facilities, for example, everything from electricity, heat and air conditioning to elevators and security cameras are operated through a complicated technical access control system. Those systems, auditors say, are vulnerable to cyber attacks.
That vulnerability could “compromise security measures, hamper agencies’ ability to carry out their missions, or cause physical harm to the facilities or their occupants,” the GAO report said.
What’s even more troubling is that the government doesn’t seem to have an idea how to respond if those systems are penetrated.
Related: Centcom’s Twitter, YouTube Accounts Apparently Hacked by ISIS
“No one within DHS is assessing or addressing cyber risk to building and access control systems,” auditors said, adding that about 9,000 facilities are not sufficiently protected against potential cyber threats because these threats are a relatively new issue.
New or not, it’s still clearly an issue (just ask Sony Pictures).
The report came out right after DOD confirmed that hackers claiming to be associated with ISIS hijacked the U.S. Central Command’s official Twitter and YouTube accounts for nearly an hour. Though infiltrating social media accounts isn’t nearly as serious as hacking into an agency’s computer system, it caused a stir among federal officials and the media.
The social media breach came just a day before President Obama prepared to propose major legislation to protect the private sector from cyber attacks that Sony and others have endured over the past year. The measure would grant companies partial immunity from lawsuits when they alert the DHS to cyber threats.
Meanwhile the GAO is recommending DHS ramp up its efforts to protect agencies and their facilities from cyber attacks – as well as put a strategy in place as to how best to respond in the event government systems are infiltrated by hackers.
Top Reads from The Fiscal Times