While the Office of the National Cyber Director (NCD) closes in on releasing its national cybersecurity strategy, the Government Accountability Office (GAO) is reviewing a long list of outstanding security recommendations to Federal agencies and hoping that the forthcoming cyber strategy will hit the mark on a wide range of items it has been flagging for years.
It’s a well-known fact in the IT universe that the national cyber strategy release is close to its big reveal – but officials have been very hush-hush about specifics of when the final plan will be unveiled, and exactly what it may contain.
Amidst various reports that ONCD Director Chris Inglis is slated to release his strategy to bolster the United States’ cybersecurity in the coming weeks, GAO delivered a long-view account of Federal agencies’ cyber actions since 2010, and what it hopes to see in NCD’s strategy.
“We have made about 335 recommendations in public reports since 2010 with respect to establishing a comprehensive cybersecurity strategy and performing oversight,” the government watchdog agency said on Jan. 19. “Until these are fully implemented, federal agencies will be more limited in their ability to protect private and sensitive data entrusted to them,” GAO warned.
GAO’s first recommendation urges the government to “develop and execute a more comprehensive federal strategy for national cybersecurity and global cyberspace.”
According to recent reporting from The Washington Post, ONCD’s strategy “is moving through the final stages of interagency approval – involving more than 20 departments and agencies – and is expected to be signed by President Biden in the coming weeks.”
Among other items, GAO is urging that the NCD strategy include a government-wide reform plan that addresses the national cybersecurity workforce shortage.
The Trump administration previously issued a national cybersecurity strategy in 2018 and an implementation plan in 2019, which GAO noted, “addressed some, but not all, of the desirable characteristics of national strategies.”
GAO emphasized that the Biden administration should work to ensure that it addresses characteristics missing from the Trump-era strategy – like problem definition, goals, and resources.
The watchdog agency’s report also recommends Federal agencies work to mitigate global supply chain risks and ensure the security of emerging technologies.
Completion of the strategy could be one of Inglis’ last major moves as national cyber director given the announcement of his planned retirement.
“After five decades of public service, Chris intends to retire in early 2023, and Principal Deputy National Cyber Director Kemba Walden will become Acting National Cyber Director,” ONCD told MeriTalk this week. “The precise timing of his retirement has not yet been fully determined.”
“While we will certainly miss Chris’s leadership, Kemba has the full confidence of the organization and will lead as Acting with deep expertise and passion, just as she has done as the Principal Deputy,” the agency said. “ONCD will continue focusing on delivering the Biden-Harris Administration promise of a safe, secure, and equitable cyberspace.”