Cybersecurity: Launching and Utilizing the Nationwide Cybersecurity Method
What GAO Uncovered
The fiscal yr 2021 national defense authorization act founded the Office of the Countrywide Cyber Director (ONCD) and the Senate confirmed a Nationwide Cyber Director in June 2021 to serve as the principal advisor to the President on cybersecurity plan and method. In March 2023, the White Household issued the Nationwide Cybersecurity Strategy, describing 5 pillars supporting the nation’s cybersecurity:
- Protect critical infrastructure
- Disrupt and dismantle threat actors
- Shape current market forces to travel safety and resilience
- Spend in a resilient future
- Forge intercontinental partnerships
In April 2023, GAO described that the goals and strategic goals involved in the document offer a good foundation for setting up a more detailed technique. Precisely, the technique absolutely resolved a few of six desirable traits of a national technique. However, it only partly addressed the remaining a few. These include things like
- objectives, subordinate objectives, things to do, and efficiency measures
- means, investments, and chance administration and
- organizational roles, tasks, and coordination.
ONCD stated it strategies to get the job done with federal businesses to develop a prepare to carry out the approach, such as milestones or overall performance actions, and to establish finances priorities. It is critical that these aspects be issued expeditiously so agencies can start out arranging and allocating resources to appropriately execute the method. Until the federal governing administration issues the implementation prepare and assures its approach documents thoroughly handle the attractive features of a national system, the country will deficiency a clear roadmap for overcoming its cyber worries.
In addition, the recently proven Nationwide Cyber Director place has been vacant because the Director resigned in February 2023. As of July 2023, an acting formal proceeds to carry out the obligations. This emptiness leaves unfilled a essential leadership function needed to coordinate federal initiatives to deal with cybersecurity threats and troubles. Additional, sustained management in this place is essential to ensuring system execution and accountability.
Why GAO Did This Examine
Federal businesses and our nation’s important infrastructure—such as energy, transportation, communications, and financial services—rely on facts systems to carry out elementary functions. Because of the escalating threats to federal info programs, significant infrastructure, and the privacy of individually identifiable data, GAO has specified ensuring the nation’s cybersecurity as a federal government-extensive substantial hazard problem. This designation emphasizes the urgency with which the federal government requires to undertake efforts to deal with the nation’s cybersecurity difficulties. Accordingly, Congress proven the Business office of the Nationwide Cyber Director in the White Residence with the authority to put into action and persuade motion in assist of the nation’s cybersecurity. One particular of this office’s obligations is developing and applying a thorough national approach to tackle cybersecurity threats and issues. This solution summarizes new GAO reports that assessed the federal government’s efforts to set up a countrywide cybersecurity tactic and plans for utilizing it.
For far more details, speak to Marisol Cruz Cain at (202) 512-5017 or CruzCainM@gao.gov.