Majority of GAO’s Cyber Recommendations Since 2010 Have Gone Unresolved

A new watchdog report found that the White House needs to do more to improve cybersecurity practices across federal agencies, including issuing a more holistic national cybersecurity strategy.

The Government Accountability Office said in a report on Thursday that federal agencies have not implemented almost 60% of the cybersecurity recommendations issued by the watchdog since 2010, potentially undermining their ability to safeguard sensitive information. 

The report—which GAO said is “the first in a series of four reports that lay out the main cybersecurity areas the federal government should urgently address”—found that approximately 190 of the watchdog’s 335 recommendations had not been put in place as of December 2022. GAO warned that “until these are fully implemented, federal agencies will be more limited in their ability to protect private and sensitive data entrusted to them.”

To enhance agencies’ cybersecurity practices and protocols, GAO said that the Biden administration should work to implement a “comprehensive national cybersecurity strategy” that includes robust oversight and addresses the full range of “desirable characteristics of national strategies.” 

“Until the federal government fully develops and implements a comprehensive national strategy, it will not have a clear roadmap for overcoming the cyber challenges facing our nation,” GAO said. 

The Trump administration previously issued a national cybersecurity strategy in 2018 and an implementation plan in 2019, which GAO noted in a September 2020 report “addressed some, but not all, of the desirable characteristics of national strategies,” including resources, investments and risk management.

The Biden administration is reportedly planning to unveil its own national cybersecurity strategy in the coming weeks, and GAO said that the White House should work to ensure that it “addresses those characteristics” missing from the Trump-era strategy. 

The report also said that federal agencies “need to fully implement all of the foundational practices for supply chain risk management” to help mitigate global supply chain risks, noting that a December 2020 GAO review of 23 civilian agencies “found that none had fully implemented all of the seven foundational practices for supply chain risk management and that 14 had not implemented any of the practices.”

GAO also identified deficiencies in agencies’ efforts to implement reforms “that prioritized solving the cybersecurity workforce shortage by identifying and closing workforce skills gaps and developing a standardized approach to hiring, training and retaining qualified cybersecurity professionals.”

The report noted, in particular, that the Office of Management and Budget and the Department of Homeland Security have only partially addressed recommendations regarding their cyber workforce challenges, and have “not established a dedicated implementation team or a government-wide implementation plan.”

“Without these practices in place, OMB and DHS will likely be unable to make significant progress towards solving the cybersecurity workforce shortage,” GAO said.

Additionally, GAO called for agencies to “take action to better secure internet-connected devices,” noting that “the nation’s critical infrastructure sectors rely on electronic systems, including Internet of Things (IoT) and operational technology (OT) devices and systems.”

The report cited a December 2022 GAO review, which said that the Departments of Energy, Health and Human Services, Homeland Security and Transportation “had cybersecurity initiatives underway intended to help protect three critical infrastructure sectors with extensive use of IoT or OT devices and systems,” but found that “none of the lead agencies had developed metrics to assess the effectiveness of their efforts.” 

GAO also said that cybersecurity concerns surrounding other emerging technologies—such as artificial intelligence and quantum computing—mean that the government’s oversight “will need to evolve” moving forward to keep pace with potential new threats.

Copyright 2021 Associated Press. All rights reserved.

Source: https://www.nextgov.com/cybersecurity/2023/01/majority-gaos-cyber-recommendations-2010-have-gone-unresolved/382043/

Copyright © 2023 Hard News Herd Hitting in Your Face News Source | World News | Breaking News | US News | Political News Website by Top Search SEO