CybersecurityGAO: U.S. slow to implement president's cyber security strategy
In May 2009 President Obama outlined his cyber policy strategy; a year and a half later, much of that strategy is yet to be implemented; a GAO report reveals that officials are making slow progress on all but two of the twenty-four specific goals highlighted in the president’s strategy
U.S. Federal agencies are woefully behind in achieving their goal of protecting computer networks despite President Obama’s pledge to make cybersecurity a top administration priority, according to a report by the Government Accountability Office (GAO).
The report reveals that officials are making slow progress on all but two of the twenty-four specific goals the government outlined to shore up the U.S. digital infrastructure in the president’s May 2009 cyber policy review.
Those two goals, according to the report issued two weeks ago, are the appointments of a cybersecurity czar responsible for coordinating the nation’s cyber policy and activities, and an official responsible for addressing privacy and civil liberties concerns (“U.S. implements president’s cybersecurity recommendations,” 8 October 2010 HSNW).
Joshua Rhett Miller reports for Fox News that officials from key agencies involved in the cybersecurity efforts — including the Department of Defense and the Office of Management and Budget — attribute the slow implementation of the other twenty-two recommendations to slow-moving agencies that have “not been assigned roles and responsibilities with regard to recommendation implementation,” according to the GAO report.
“Specifically, although the policy review report calls for the cybersecurity policy official to assign roles and responsibilities, agency officials stated they have yet to receive this tasking and attribute this to the fact that the cybersecurity official position was vacant for 7 months,” the 66-page report reads.
That position was filled by Howard Schmidt, the cyber czar, late last year.
The GAO report found that officials from pertinent agencies stated that several midterm recommendations were too broad and will require action over multiple years before full implementation. Federal officials did report, however, that they have efforts planned or underway toward enacting the remaining twenty-two recommendations.
“While these efforts appear to be steps forward, agencies were largely not able to provide milestones and plans that showed when and how implementation was to occur,” the report reads.
Specifically, sixteen of the twenty-two near-term and midterm recommendations did not have milestones and implementation plans. “Consequently, until roles and responsibilities are made clear and the schedule and planning shortfalls identified above are adequately addressed, there is increased risk the recommendations will not be successfully completed, which would unnecessarily place the country’s cyber infrastructure at risk,” the report reads.
Cybersecurity experts contacted by FoxNews.com had mixed reactions to the GAO report. Some, citing the massive scale of the twenty-four initiatives, said any progress advances the goal. Darren Hayes, a professor of computer science at