Federal buildings vulnerable to cyberattack, watchdog says

Not just computers, but government buildings themselves could be the target of cyberterrorism attacks, said a new watchdog report, which found the Homeland Security Department may not be prepared to meet such challenges.

“Operations such as elevators, electrical power, and heating, ventilation, and air conditioning … are increasingly being connected to other information systems and the Internet,” said a December report by the Government Accountability Office, Congress’ top watchdog.

But the investigators said DHS doesn’t have a strategy to deal with potential cyber threats against their buildings directly, and there is disagreement over which component of the agency should be in charge of developing a strategy.

“No one in DHS is assessing the cyber risk to building and access control systems at the almost 9,000 facilities,” the GAO said.

The watchdog warned it’s not just employee office buildings at risk. Many systems are connected to the Internet and easily hackable — like security entrance and surveillance camera systems for government warehouses that hold weapons or dangerous chemicals.

The Homeland Security Department said they are aware of the problem, and are taking “preliminary steps” including a plan to complete a review of cyber-threats to government buildings by October.

“DHS is committed to collaborating with its public, private and international partners to secure cyberspace and America’s cyber assets to safeguard critical infrastructure systems from cyber threats and attacks,” the agency said.

The GAO also noted that the General Services Administration — which is in charge of running most federal buildings — also needs more preparation for the challenges ahead.

The government has become increasingly concerned about potentially damaging cyberattacks. This week, the Twitter and YouTube accounts for the U.S. Central Command were hacked by Islamic State sympathizers. And the French defense ministry said that 19,000 French websites have been the targets of cyberattacks since the shootings last week.

Perhaps the most public hacking display was that of Sony Pictures in 2014, with the hackers publishing lots of internal e-mails and protected documents from the company. Fingers pointed at North Korea — supposed retaliation for a Sony movie that depicted a U.S. mission to kill leader Kim Jong-un.