The Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) needs to assess the effectiveness of its programs and services to support the communications sector – which is critical for U.S. national security.
In a Government Accountability Office (GAO) report, the agency highlighted that CISA supports the communications sector through incident management and information-sharing activities. Through assessing the effectiveness of its programs and services, CISA would benefit by identifying its highest priorities.
“CISA has also not updated the 2015 Communications Sector-Specific Plan, even though DHS guidance recommends that such plans be updated every four years,” wrote GAO. “As a result, the current 2015 plan lacks information on new and emerging threats to the Communications Sector, such as security threats to the communications technology supply chain, and disruptions to position, navigation, and timing services.”
GAO offered that developing and issuing an updated plan from its 2015 version will help CISA set goals, objectives, and other priorities to address threats and risks to the sector and meet its sector risk management agency responsibilities.
GAO made three recommendations for CISA to follow, all of which DHS agreed to. The recommendations include:
- Assess the effectiveness of CISA’s programs and services to support the communications sector, which includes developing and implementing metrics and analyzing feedback received from owners and operators;
- Complete a capability assessment for Emergency Support Function #2, like establishing requirements, maintaining a list of current capabilities, and conducting a capability gap analysis to identify if and where resources are needed; and
- Coordinate with public and private communications sector stakeholders to produce a revised communications sector-specific plan, to include goals, objectives, and priorities to address new and emerging threats and risks to the communications sector and align with sector risk management agency responsibilities.