GAO criticizes government cybersecurity R&D procedures
Problems include the failure to define a federal cybersecurity agenda and properly utilize an established coordinating repository; spread out over multiple agencies, R&D requires a stronger coordinating authority
Long-time readers may have noticed that, of all government agencies, we like the Government Accountability Office the most. Charged with overseeing government programs and providing suggestions for improvement, the GAO plays a vital role in both disseminating information to the public and spurring on improvements inside the government. Take as an example a new report that argues the federal government is failing to adequately coordinate research and development on cybersecurity issues. Among the key concerns were:
- Although an interagency working group has been formed to focus and guide cybersecurity spending, no federal cybersecurity research agenda has been developed as recommended in the National Strategy to Secure Cyberspace.
- A data repository intended to house a common bank of information on federal IT projects has failed to get off the ground because OMB had not issued guidance to ensure that agencies provided all information required for the repositories. As a result, information needed for oversight and coordination of cyber security research activities was not readily available.
- Research and development is spread across multiple agencies, making coordination and avoiding redundancy difficult. Relevant agencies include the departments of Homeland Security, Defense and Energy, the National Institute of Standards and Technology, the National Science Foundation and agencies in the intelligence community, such as the National Security Agency and the Defense Advanced Research Projects Agency.
GAO recommended that the Office of Science and Technology Policy establish firm timelines for completing the federal cybersecurity R&D agenda and that the Office of Management and Budget issue guidance to agencies on reporting information to the cybersecurity repository.
-read more in Patience Wait’s GCN report