GAO: U.S. government not properly coordinating cybersecurity efforts

Published 10 March 2010

The U.S. Government Accountability Office, in addressing the Obama administration’s Comprehensive National Cyber Security Initiative (CNCI), a secretive initiative inherited from the Bush administration, warned that “Federal agencies have overlapping and uncoordinated responsibilities for cybersecurity, and it is unclear where the full responsibility for coordination lies”

The U.S. government is still failing on cybersecurity owing to a lack of clear definitions among different agencies, the U.S. Government Accountability Office (GAO has warned.

InfoSecurity reports that in a report issued last Friday, the GAO addressed the Comprehensive National Cyber Security Initiative (CNCI), a secretive initiative launched by the Bush administration in early 2008 and now completed by the Obama administration (see “U.S. Unveils Cybersecurity Strategy,” 5 March 2010 HSNW). The GAO was asked to investigate how different federal agencies have been pulled together to plan and coordinate CNCI activities. It was also requested to identify the challenges faced by the initiative into achieving its objectives.

In a report entitled Cybersecurity: Progress Made but Challenges Remain in Defining and Coordinating the Comprehensive National Initiative, the GAO identified several critical challenges.

Federal agencies have overlapping and uncoordinated responsibilities for cybersecurity, and it is unclear where the full responsibility for coordination lies,” the GAO said.

The report also identified shortcomings in measurement processes that would evaluate the CNCI’s success, adding that this was not for want of available mechanisms. “While federal agencies have begun to develop effectiveness measures for information security, these have not yet been applied to the initiative,” it warned.

The GAO also criticized the level of opacity surrounding the CNCI, adding that the rationale for classifying related information remains unclear. This makes it difficult to coordinate efforts with private sector organizations, which has become a critical part of the Obama administration’s cybersecurity drive.

It is still not even clear how much each CNCI should address public education on cybersecurity, the report complained, before outlining other challenges that go beyond the initiative. “The federal government does not have a formal strategy for coordinating outreach to international partners for the purposes of standards setting, law enforcement, and information sharing,” it warned. Secondly, federal identity management and authentication mechanisms remain a “significant government-wide challenge.”