About 60% of the cybersecurity recommendations made by the U.S. Government Accountability Office (GAO) since 2010 have not yet been implemented by federal agencies.
The office announced the figures in a release last Thursday, adding that of the 335 public recommendations, 190 still need to be implemented.
“Until these are fully implemented, federal agencies will be more limited in their ability to protect the personal and sensitive data entrusted to them,” GAO wrote.
According to the Secretariat, the September 2018 National Cyber Strategy and the National Security Council’s accompanying June 2019 Implementation Plan, released by the White House, highlight some, but not all, of the National Strategy’s features.
Specifically, the GAO explained that the purpose, scope and methodological processes were implemented along with organizational roles, responsibilities and coordination work. Integration and implementation efforts were also recognized.
However, strategies still need to address goals, sub-objectives, activities, and performance indicators. Resource, investment and risk management operations still need to be implemented.
“Federal agencies face numerous risks related to the information and communication technology (ICT) supply chain, which can lead to disruption of mission operations, theft of intellectual property, and harm to individuals,” GAO writes.
“In December 2020, our review found that none of the 23 private sector institutions fully implemented all seven core practices for supply chain risk management, and 14 private sector institutions did not implement any of the practices.”
The Office has also made several recommendations to address ongoing cybersecurity workforce challenges. This includes developing a government-wide workforce plan to support practice.
“The responsibility of government-wide leadership on the issue of the cyber workforce will pass from [the Office of Management and Budget] and [the Department of Homeland Security] to the National Cyber Director’s Office. The Secretariat is working to develop national strategies that address key issues.”
The GAO report also addresses Internet of Things (IoT) initiatives from the Departments of Energy, Health and Human Services, Homeland Security, and Transportation. It concluded that none of the companies had developed metrics or conducted IoT and OT cybersecurity risk assessments to assess their efforts to de-risk the sector.
Finally, GAO looked at quantum technology. It also called on government agencies to step up their efforts to consider these new tools and develop cybersecurity mitigation strategies.
In this regard, US President Joe Biden signed the Quantum Computing Cybersecurity Preparedness Act into law in December 2022.