Federal awareness of critical infrastructure’s ransomware defenses lacking

The Government and Accountability Office has disclosed that insights on the implementation of ransomware defenses among U.S. organizations in the energy, healthcare, manufacturing, and transportation industries have been lacking among six federal agencies leading the oversight of critical infrastructure, CyberScoop reports. No thorough evaluations of cybersecurity support to their respective sectors have been conducted by the Cybersecurity and Infrastructure Security Agency, Department of Health and Human Services, Department of Transportation, Transportation Security Administration, and the U.S. Coast Guard, which have also failed to examine organizations' adoption of ransomware combating recommendations given by the National Institute of Standards and Technology, according to the GAO report. The report also noted that determining ransomware's impact on critical infrastructure is also being hindered by lacking reporting rules. "Given that ransomware remains one of the most serious and concerning cybersecurity challenges to our nation's critical infrastructure, it is vital that the [sector risk management agencies] assess risks and measure the effectiveness of their support activities to better protect their respective sectors from this pervasive threat," said the report.