The current state of the U.S. government’s cybersecurity is in critical need of improvement according to the “High-Risk” report released yesterday by the Government Accountability Office (GAO). The GAO found serious problems with the way that the Administration and the Department of Homeland Security (DHS) are addressing cybersecurity as well as the protection of personally identifiable information.
While the Administration and DHS have pledged to strengthen cybersecurity infrastructure by undertaking enhancement initiatives and implementing various recommendations, crucial work still remains to be done, especially as the use of and threats in cyberspace continue to grow.
Throughout the report, the GAO used the terms “partially,” “inadequate,” and “inconsistent” to describe the actions the Administration has taken. The GAO found that the Administration has no overarching cybersecurity strategy that outlines performance measurements, specific roles of federal agencies, or accountability requirements.
The GAO also called attention to the lack of action plans and progress reports for fixing systems with security flaws and the need for additional DHS analytical and technical capabilities. While Congress has passed some bills to address certain cybersecurity issues, the failure to create a public- and private-sector information-sharing framework is only hindering cybersecurity.
DHS is the key overseer of cybersecurity protection, so it should be the agency’s critical objective to expand cyber-protection initiatives. With the recent attacks on Sony and the giant health insurer Anthem, among many others, DHS should expand cooperation with the private sector, develop a highly skilled and motivated cybersecurity workforce, and improve its cyber supply chain protection to prevent and detect threats that would compromise the nation’s critical cyber infrastructure.
Congressional action on information sharing between the public and private sector should be accelerated by providing liability protection and representation from the government and private entities. Congress should also continue to oversee the implementation of new and existing information and cybersecurity laws and support the expansion of DHS’s “Einstein” program to protect federal systems and information.
The GAO has identified the problems that exist with cybersecurity protection and provided immediate and long-term recommendations—now is the time for the White House, DHS, and Congress to take the lead on innovative cybersecurity improvements.