GAO: U.S. slow to implement president's cyber security strategy

Pace University in New York, said part of the problem is that the United States is not producing enough specialists in information technology and security. He cited 2000 Census figures that revealed that 47 percent of all U.S. scientists and engineers with doctorates were foreign-born.

“It happens at the grassroots level,” Hayes told FoxNews.com. “Sometimes it’s just a matter of education. Education is really, really important. Some of these initiatives are more long-term, and just getting enough IT professionals is very difficult. We’re simply not producing enough people, so trying to fix that is another long-term initiative. The government does have a difficult job to carry out.”

Miller notes that, according to Reza Curtmola, an assistant professor of computer science at New Jersey’s Science & Technology University, one key recommendation in the GAO report that needs swift attention is to develop a set of threat scenarios and metrics that could be used for risk management decisions and recovery planning.

“We don’t have a basic good set of metrics on how to determine how secure our systems and networks are,” Curtmola said, citing the complexity of software needed to perform that task.

He said he thinks the state of the nation’s overall cybersecurity is “not as bad as it sounds” in the GAO report, but there is nonetheless a need for clearly defined milestones.

 

Will McGill, an assistant professor of information sciences and technology at Penn State University, said he found the GAO report “fairly thin” and said any recent progress should be welcomed. “It’s not like we’re going down, we’re just staying the same and we’re looking to do better,” McGill said. “The fact that something is being done on those recommendations is still a reduction in risk.”

McGill said the government is far from the only cybersecurity stakeholder. He said a degree of responsibility trickles down from the federal government to municipalities to private organizations to private individuals.

“Just looking at the big picture, I don’t think they’re doing anything wrong, but they’re moving a bit slower than I’d like,” he said. “The pace could be accelerated, but saying that by not [completing the recommendations] our risk is going up is incorrect.”

Miller quotes National Security Council (NSC) officials who, in a statement to FoxNews.com, cited “significant progress” made on near-term priority items, including the approval of a National Cyber Incident Response Plan (NCIRP), the release of a draft of the National Strategy for Trusted Identities in Cyberspace, and an ongoing public information campaign called “Stop. Think. Connect.”

NSC officials also noted that the GAO report identified many of the recommendations as long-term fixes that will require years of sustained effort.

“Cybersecurity also requires a whole of government, and, indeed, a whole of nation approach,” the statement read. “The cross-cutting nature of the cybersecurity policy area is why the President appointed [Schmidt] to orchestrate activities across the federal government to achieve a more secure and resilient information and communications infrastructure.”

The statement concluded, “We are more secure today than we were a year ago and we will continue to make progress and take action in this vital area.”