The GAO has called for urgency in fleshing out and carrying out the updated National Cybersecurity Strategy issued in March, saying “it is critical that these details be issued expeditiously so agencies can begin planning and allocating resources to properly execute the strategy.”
A snapshot report on the issue—which has been on the GAO’s high-risk list since 1997—says that the document provides “a good foundation for establishing a more comprehensive strategy.” Its five goals include defend critical infrastructure, disrupt and dismantle threat actors, shape market forces to drive security and resilience, invest in a resilient future and forge international partnerships.
“However, not all of the desirable characteristics of national strategies were addressed,” it said, listing issues such as setting goals and performance measures, defining organizational responsibilities, allocating resources, and risk management.
The Office of National Cyber Director is working with agencies on implementation planning but “until the federal government issues the implementation plan and ensures its strategy documents fully address the desirable characteristics of a national strategy, the nation will lack a clear roadmap for overcoming its cyber challenges,” it said.
It also noted that the position of national cyber director is being filled only on an interim basis following the resignation of the prior director in February. “This vacancy leaves unfilled a key leadership role needed to coordinate the federal efforts to address cybersecurity threats and challenges. Further, sustained leadership in this position is essential to ensuring strategy execution and accountability,” it said.