The GAO pointed out that the DHS, CISA and NIST have issued guidance, alerts, advisories, and other resources in an effort to help federal and private entities manage the cybersecurity risks associated with internet-of-things (IoT) and operational technology (OT) systems.

While steps have been taken to protect critical infrastructure against cyberattacks, GAO believes more should be done by certain agencies.

The US Energy Department has initiatives focusing on OT cybersecurity monitoring technologies and cybersecurity for OT environments. The Department of Health and Human Services provides pre-market and post-market cybersecurity management guidance for medical device manufacturers. The DHS and the Transportation Department’s initiatives include a surface transportation cybersecurity toolkit and a directive on enhancing rail cybersecurity.