GAO: DHS has 'major tasks' to do in cybersecurity

Featured eBooks
Health Tech
Read Now

Next-Generation Computing

Read Now

Space Tech

Read Now
Insights & Reports
Cyber-Informed Engineering for OT Security and AVEVA PI Users
Presented By Carahsoft
Download Now
Revolutionizing Workforce Management for Federal Employees
Presented By Ultimate Kronos Group
Download Now
By David Hubler

By David Hubler

|

A GAO report states that in 2005 the department had pinpointed 13 key cybersecurity responsibilities without fully addressing any of them.

Related Links

A work in progress

A new Government Accountability Office report recognizes the efforts the Homeland Security Department has made to strengthen its responsibilities for enhancing the cybersecurity of critical infrastructures. But GAO said major tasks remain to be done.

The report was included as testimony by David Powner, director of information technology management issues at GAO, when he appeared before the House Homeland Security Committee’s Economic Security, Infrastructure Protection and Cybersecurity Subcommittee Sept. 13.

In its report, GAO states that in 2005 DHS had pinpointed 13 key cybersecurity responsibilities without fully addressing any of them. For example, DHS established forums to foster information sharing among federal and law enforcement officials “but had not developed national threat and vulnerability assessments for cybersecurity.”

GAO acknowledged that some progress has been made since then in all 13 categories, including DHS’ release of a National Infrastructure Protection Plan, but the department still has not completed any of them.

GAO said DHS’ initiatives this year to develop an integrated public/private plan for Internet recovery were not complete or comprehensive. Moreover, many of the efforts of the working groups DHS established to facilitate coordination and practice responding to cyber events “lacked time frames for completion, and the relationships among its various initiatives were not evident.”

GAO also took note of the number of senior DHS cybersecurity officials who have left the department. The newly created position of assistant secretary of cybersecurity and telecommunications has been unfilled for a year.

George Foresman, DHS’ undersecretary for preparedness, told the subcommittee the department has a strong potential candidate for that job and would possibly bring that person forward soon, pending a security clearance.

GAO noted that it has made about 25 recommendations to DHS in the past several years. It has suggested that the department conduct threat and vulnerability assessments and develop a strategic analysis and warning capability for identifying potential cyberattacks.

“Until they are addressed,” the report states, “DHS will have difficulty achieving results as the federal cybersecurity focal point.”

NEXT STORY: Senators: Expedite info-sharing plan