The Government Accountability Office (GAO) is acknowledging strides that the Biden administration has taken this year to broadly improve cybersecurity, but is still encouraging the Federal government to take more steps to strengthen the cybersecurity of the nation’s critical infrastructure in light of several high-profile cyber incidents over the course of the past year.
In a new report, GAO reiterated that national-level cybersecurity is on its High-Risk List, and recounted the numerous reports it has issued in recent years on major cybersecurity challenges and critical Federal actions needed to address them.
In its latest report, GAO identified four major cyber challenges and 10 associated critical actions. The four major challenges include:
- Establishing a comprehensive cybersecurity strategy and performing effective oversight;
- Securing Federal systems and information;
- Protecting cyber critical infrastructure; and
- Protecting privacy and sensitive data.
To address critical infrastructure cybersecurity, GAO says the Federal government should develop and execute a comprehensive national cyber strategy, and strengthen the Federal role in protecting the cybersecurity of critical infrastructure.
“In September 2020, GAO reported that the White House’s 2018 National Cyber Strategy and related implementation plan addressed some, but not all, of the desirable characteristics of national strategies, such as goals and resources,” GAO wrote. “GAO also reported that it was unclear which official within the executive branch ultimately maintained responsibility for coordinating the execution of the National Cyber Strategy.”
Speaking to the need for a comprehensive national cyber strategy, GAO noted the establishment earlier this year of the National Cyber Director (NCD), the confirmation of Chris Inglis to the office, and the NCD’s strategic intent statement issued in October.
“The establishment of a National Cyber Director is an important step toward positioning the federal government to better direct activities to address the nation’s cyber threats,” GAO said.
“Nevertheless, GAO’s recommendation to develop and execute a comprehensive national cyber strategy is not yet fully implemented,” the watchdog agency said. “As a result, a pressing need remains to provide a clear roadmap for addressing the cyber challenges facing the nation, including its critical infrastructure.”
GAO has made about 3,700 recommendations aimed at addressing cybersecurity shortcomings since 2010. As of November 2021, 900 of those have yet to be implemented.
GAO’s latest report on Federal government cybersecurity was part of the agency’s testimony at a Dec. 2 hearing of the House Transportation and Infrastructure Committee.