GAO called on the White House cybersecurity coordinator to develop an overarching federal cybersecurity strategy that includes all key elements of the desirable characteristics of a national strategy, in order to provide a more effective framework for implementing cybersecurity activities and better ensure that such activities will lead to progress in cybersecurity.
This strategy should also better ensure that federal departments and agencies are held accountable for making significant improvements in cybersecurity challenge areas, including designing and implementing risk-based programs; detecting, responding to, and mitigating cyber incidents; promoting education, awareness, and workforce planning; promoting R&D; and addressing international cybersecurity challenges, GAO said.
It said that in order to address these issues, the strategy should clarify how OMB will oversee agency implementation of requirements for effective risk management processes and establish a roadmap for making significant improvements in cybersecurity challenge areas where previous recommendations have not been fully addressed.
GAO added that, in order to address ambiguities in roles and responsibilities that have resulted from recent executive branch actions, Congress should consider legislation to better define roles and responsibilities for implementing and overseeing federal information security programs and for protecting the nation’s critical cyber assets.
The White House agreed that more should be done – and agreed Congress should consider enhanced cybersecurity legislation – but stopped short of agreeing that another strategy document is needed.