Friday, March 5, 2010
US agencies need clear cybersecurity roles
In its report, the GAO cited "defining roles and responsibilities" as among the "challenges" to cybersecurity efforts.
"Federal agencies have overlapping and uncoordinated responsibilities for cybersecurity, and it is unclear where overall responsibility for coordination lies," the GAO said.
Other challenges raised by GAO were "coordinating actions with international entities" and "establishing an appropriate level of transparency."
The federal government does not have a formal strategy for coordinating outreach to international partners for the purposes of standards setting, law enforcement, and information sharing," the GAO said.
"Few of the elements of CNCI have been made public, and the rationale for classifying related information remains unclear, hindering coordination with private sector entities and accountability to the public," the GAO said.
"Until these challenges are adequately addressed, there is a risk that CNCI will not fully achieve its goal to reduce vulnerabilities, protect against intrusions, and anticipate future threats against federal executive branch information systems," it said.
The White House took issue with the GAO's conclusion that the roles of the various agencies tasked with cybersecurity were not well defined.
In a letter to the director of the GAO, Chief Information Officer Vivek Kundra said "the roles and responsibilities of agencies participating in the CNCI are clearly defined."
Kundra also pointed out that President Barack Obama had made cybersecurity a top priority of his administration, had conducted a 60-day cybersecurity review and had appointed an overall cybersecurity coordinator in December. reuters.com