Friday, March 5, 2010

US agencies need clear cybersecurity roles

The GAO report looked at the Comprehensive National Cybersecurity Initiative (CNCI), which was launched by former US president George W. Bush in 2008 to reduce vulnerabilities and protect federal systems against cyber attack.

In its report, the GAO cited "defining roles and responsibilities" as among the "challenges" to cybersecurity efforts.

"Federal agencies have overlapping and uncoordinated responsibilities for cybersecurity, and it is unclear where overall responsibility for coordination lies," the GAO said.

Other challenges raised by GAO were "coordinating actions with international entities" and "establishing an appropriate level of transparency."

The federal government does not have a formal strategy for coordinating outreach to international partners for the purposes of standards setting, law enforcement, and information sharing," the GAO said.

"Few of the elements of CNCI have been made public, and the rationale for classifying related information remains unclear, hindering coordination with private sector entities and accountability to the public," the GAO said.

"Until these challenges are adequately addressed, there is a risk that CNCI will not fully achieve its goal to reduce vulnerabilities, protect against intrusions, and anticipate future threats against federal executive branch information systems," it said.

The White House took issue with the GAO's conclusion that the roles of the various agencies tasked with cybersecurity were not well defined.

In a letter to the director of the GAO, Chief Information Officer Vivek Kundra said "the roles and responsibilities of agencies participating in the CNCI are clearly defined."

Kundra also pointed out that President Barack Obama had made cybersecurity a top priority of his administration, had conducted a 60-day cybersecurity review and had appointed an overall cybersecurity coordinator in December.

No comments:

Post a Comment