The White House has a relatively new national cyber-security strategy with many recommendations on how to keep the country safe, but officials need to move faster than they are now if they want to make those tips a reality, according to the Government Accountability Office (GAO).

The Obama Administration released its 60-day Cyberspace Policy Review in May 2009, which included 24 near- and mid-term recommendations for the government to make America’s corner of the World Wide Web a lot safer.

But only two of them have been implemented since — appointing a national cyber-security official and another privacy and civil liberties official. The remaining 22 have only been partially implemented.

“Some of the recommendations have associated target dates for completion and some don’t,” said David Powner, the GAO’s director of Information Technology Management Issues.

The GAO released its findings in a report on Wednesday, Oct. 6. The organization claims implementation of these recommendations has been impeded by the fact that the cyber-coordinator position had been vacant for so long, which means there was no direct leadership to get things moving. The White House appointed Howard Schmidt as the first coordinator in December 2009, seven months after the recommendations were released.

According to the report, federal agencies say they’re moving slowly in part because they haven’t been assigned any direct roles to fulfill or benchmarks to meet.

“We’re big believers in setting targets, and [when] you have accountability and target dates, you’re going to have a far better chance of accomplishing those tasks than if you don’t have those interim milestones and target dates,” Powner said.

And apparently, several recommendations are too broad for agencies to know what they’re specifically supposed to do. The agencies will need years to make the recommendations a reality, and several agencies have already begun moving toward these goals, hence the fact that 22 of the review recommendations have only been partially completed. However, agencies were largely unable to provide the GAO with milestones and plans demonstrating how the work would be done or when. Sixteen of the 22 partially completed recommendations were devoid of milestones for implementation.

“You want to see plans with associated milestones because some of these are complex areas, and then also the development of metrics,” Powner said.

The GAO recommends that Schmidt designate roles and responsibilities and develop plans and milestones to diminish agency confusion.

“What we need is more action and follow-up to ensure that we’re making progress and providing greater security, not only for the federal government but for critical infrastructure and for the nation’s systems. That’s really the intent of cyber-space strategy in this whole policy approach,” Powner said.

Hilton Collins  |  GT Staff Writer

By day, Hilton Collins is a staff writer for Government Technology and Emergency Management magazines who covers sustainability, cybersecurity and disaster management issues. By night, he’s a sci-fi/fantasy fanatic, and if he had to choose between comic books, movies, TV shows and novels, he’d have a brain aneurysm. He can be reached at hcollins@govtech.com and at @hiltoncollins on Twitter.