Federal government lacks clear cybersecurity strategy, says GAO

August 3, 2010 — 3:31pm ET | By Molly Bernhart Walker

Tools

Tags
Barack Obama
Cyberspace Policy Review
GAO report
Howard Schmidt
cybersecurity
DHS
DoD
Commerce Department
Gary Locke

President Obama's Cyberspace Policy Review (.pdf) determined the need for a clear strategy for cybersecurity, yet no such strategy exists, states a Government Accountability Office audit published August 2.

The report attributes lack of a coherent and comprehensive U.S. cybersecurity strategy to "challenges in U.S. leadership, strategy and coordination."

The GAO recommends that cyber czar Howard Schmidt, with the assistance of other federal entities and the private sector, take five actions to address the current cybersecurity challenges:

Advise the appropriate agencies or committees on more effectively coordinating a coherent national approach to cyberspace policy;
develop, with the help of relevant federal and nonfederal entities--including the departments of Commerce, Defense Homeland Security, Justice and State--a comprehensive U.S. global cyberspace strategy outlining:
         - Encompassing goals, subordinate objectives, specific activities, performance metrics and reasonable time frames to achieve results;
         - technical standards and policies while taking into consideration U.S. trade; and
         - rules for enforcement of U.S. civil and criminal law.
Enhance the interagency coordination mechanisms and better engage their efforts;
establish, with the help of key entities--including DHS, State and other agencies within government and outside of government--protocols for global, cyber-incident response; and
determine, with the help of key entities--including DHS, State and other agencies within government--which, if any, cyberspace norms should be defined to support U.S. interests and methods for fostering such cybersecurity norms internationally.

The report portrays a chaotic, interconnected cyberspace policy field populated by many players and littered with many hurdles. The absence of top-level leadership, a coherent and comprehensive strategy, coordinated cross-agency efforts and technical standards are just a sampling of the seven problems impeding a cohesive approach to securing cyberspace, according to the report.

Schmidt told the GAO that he and his staff generally concur with the recommendations and said that many of the suggested actions are already underway.

But, Schmidt told GAO auditors that their report "does not fully portray their leadership efforts, their efforts to develop a strategy, and improvements they have made regarding interagency coordination."

Gary Locke, secretary of the Commerce Department provided a written response to the GAO report. "We concur with the report's recommendation that the national Cybersecurity Coordinator should take steps to address identified challenges, including developing a comprehensive national strategy for global cyberspace and improving interagency coordination," he said.

For more:
- see GAO report GAO-10-606 (.pdf)
- see the Cyberspace Policy Review (.pdf)