Cybersecurity: Clarity of Leadership Urgently Needed to Fully Implement the National Strategy

Abstract

Increasingly sophisticated cyber threats have underscored the need to manage and bolster the cybersecurity of key government systems and the nations cybersecurity. The risks to these systems are increasing as security threats evolve and become more sophisticated. GAO firstdesignated information security as a government-wide high-risk area in 1997. This was expanded to include protecting cyber critical infrastructure in 2003 and protecting the privacy of personally identifiable information in 2015. In 2018, GAO noted that the need to establish a national cybersecurity strategy with effective oversight was a major challenge facing the federal government. GAO was requested to review efforts to protect the nations cyber critical infrastructure. The objectives of this report were to (1) describe roles and responsibilities of federal entities tasked with supporting national cybersecurity, and (2) determine the extent to which the executive branch has developed a national strategy and a plan to manage its implementation. To do so, GAO identified 23 federal entities responsible for enhancing the nations cybersecurity. Specifically, GAO selected 13 federal agencies based on their specialized or support functions regarding critical infrastructure security and resilience, and 10 additional entities based on analysis of its prior reviews of national cybersecurity, relevant executive policy, and national strategy documents. GAO also analyzed the National Cyber Strategy and Implementation Plan to determine if they aligned with the desirable characteristics of a national strategy.

Document Details

Document Type

Technical Report

Publication Date

Sep 01, 2020

Accession Number

AD1131146

Entities

Tags