Security News > 2020 > March > Facilities That Lost Data Center Status at Increased Risk of Cyberattacks: GAO
Federal agencies participating in the Office of Management and Budget's Data Center Optimization Initiative report that they are on track with previously announced plans to close hundreds of outdated data centers, but many of the facilities that will continue to operate are at increased risk of being hacked, the U.S. Government Accountability Office warned last week.
The new GAO study reveals that due to the lack of reporting requirements for key facilities and lack of proper documentation of decisions on which facilities are exempt from DCOI, agencies might remain exposed to vulnerabilities and oversight of consolidation, and optimization efforts may be impaired.
"While OMB previously acknowledged that these types of facilities inefficiently consume resources and pose security risks, agencies are no longer required to report these locations in their inventories. Further, there is currently no documentation of OMB's decisions on agency requests to remove data centers from reporting, or to exempt mission critical data centers from closure targets," GAO says.
The OMB contested GAO's claims that the removal of some facilities from DCOI oversight increased cybersecurity risks, and OMB even advised GAO to remove cybersecurity references from its report.
"In raising these objections, OMB's comments stated that DCOI is focused on consolidating and optimizing the federal data center portfolio and that cybersecurity is not a primary driver of the initiative. OMB added that DCOI was never designed to track or directly address cybersecurity risks," GAO said in its report.