GAO Lists 12 Cybersecuity Strategy Improvements

The US Government Accountability Office (GAO) recently released highlights of their study on Cybersecurity. The report notes that key improvements are needed to strengthen the Nation's posture and criticizes the Department of Homeland Security (DHS) strongly for having "yet to fully satisfy its responsibilities designated by the national cybersecurity strategy." Here's a summary of the report:

Pervasive and sustained computerbased (cyber) attacks against federal and private-sector infrastructures pose a potentially devastating impact to systems and operations and the critical infrastructures that they support. To address these threats, President Bush issued a 2003 national strategy and related policy directives aimed at improving cybersecurity nationwide. Congress and the Executive Branch, including the new administration, have subsequently taken actions to examine the adequacy of the strategy and identify areas for improvement. Nevertheless, GAO has identified this area as high risk and has reported on needed improvements in implementing the national cybersecurity strategy.

The GAO made 30 recommendations in key cybersecurity areas, including bolstering cyber analysis and warning capabilities, completing actions identified during cyber exercises, improving cybersecurity of infrastructure control systems, strengthening DHS' ability to help recover from Internet disruptions and addressing cybercrime.

In addition to these areas identified as needing improvement, the GAO report identified 12 key strategy improvements:

1. Develop a national strategy that clearly articulates strategic objectives, goals, and priorities
2. Establish White House responsibility and accountability for leading and overseeing national cybersecurity policy
3. Establish a governance structure for strategy implementation
4. Publicize and raise awareness about the seriousness of the cybersecurity problem
5. Create an accountable, operational cybersecurity organization
6. Focus more actions on prioritizing assets, assessing vulnerabilities, and reducing vulnerabilities than on developing additional plans
7. Bolster public/private partnerships through an improved value proposition and use of incentives
8. Focus greater attention on addressing the global aspects of cyberspace
9. Improve law enforcement efforts to address malicious activities in cyberspace
10. Place greater emphasis on cybersecurity research and development, including consideration of how to better coordinate government and private sector efforts
11. Increase the cadre of cybersecurity professionals
12. Make the federal government a model for cybersecurity

The GAO says that the nation's federal and private-sector infrastructure systems remain at risk without these improvements. They suggest the new administration consider these improvements as part of the nation's cybersecurity strategy.

Via network world