GAO slams White House for failing to lead on cybersecurity
Lack of a cybersecurity R&D agenda puts nation at risk, report says
Computerworld - The White House Office of Science and Technology Policy has so far failed to live up to its responsibility to coordinate a national cybersecurity R&D agenda, the Government Accountability Office (GAO) said in a report released this week.
As a result, the U.S risks falling behind other countries on cybersecurity matters, and being unable to adequately protect its interests in cyberspace, the 36-page report (PDF document) warned.
The GAO report was prepared at the behest of the House Committee on Homeland Security, and called on the OSTP to show more leadership in pulling together a focused and prioritized short, medium- and long-term R&D strategy for cybersecurity.
The report noted that the White House's National Strategy to Secure Cyberspace from 2003 tasks the OSTP with coordinating the development of such a strategy and for updating it on an annual basis.
Over the years, the OSTP has taken "initial steps toward developing such an agenda," the GAO report said. However, "one does not currently exist" even today, the report said.
Although the OSTP and the White House Office of Management and Budget (OMB) have said that such an agenda is indeed contained in "existing documents," the documents are either outdated or lack sufficient detail, the GAO noted.
Currently, five federal agencies including the National Science Foundation, the U.S Department of Homeland Security, and the National Institutes of Science and Technology fund and carry out most of the government's cybersecurity R&D work. Several private sector companies also carry out either federally-funded or self-funded cybersecurity R&D projects for the government.
Over the years, there have been numerous calls for more centralized oversight and coordination of these various R&D efforts to ensure that the projects are meeting a focused national cybersecurity.
Among those who have called for such coordination are the President's Council of Advisors on Science and Technology in 2007, the President's Information Technology Advisory Committee in 2005 and the Center for Strategic and International Studies (CSIS) in 2008, the GAO said.
Obama and tech
- China set to surpass U.S. in R&D spending in 10 years
- Outgoing federal CIO warns of 'an IT cartel'
- @whitehouse takes on Twitter Town Hall
- Obama's CIO quits
- Little new in Obama cybersecurity proposal
- Feds update IT plan following Obama's 'horrible' comment
- Obama's online trusted ID plan greeted with caution
- U.S. Census tech makeover includes 'oasis' for innovation
- Obama seeks big boost in cybersecurity spending
- QuickPoll: Is Obama's 98% 4G broadband coverage goal realistic?
- Using Cyber Insurance and Cybercrime Data to Limit Your Business Risk This paper examines the challenges of understanding cyber risks, the importance of having the right cyber risk intelligence, and how to use this...
- 5 Tips to Secure Small Business Backdoors in the Enterprise Supply Chain This paper examines the insecurity of the small businesses in the supply chain and offers tips to close those backdoors into the enterprise.
- Comprehensive Advanced Threat Defense The hot topic in the information security industry these days is "Advanced Threat Defense" (ATD). This paper describes a comprehensive, network-based approach to...
- Advanced Threat Defense: A Comprehensive Approach In this interview, Peter George, president, General Dynamics Fidelis Cybersecurity Solutions, explains why we need more than anti-malware, and what constitutes a comprehensive...
- Live Webcast Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- NSS Labs & Cisco Present: Evaluating Leading Breach Detection Systems Today's constantly evolving advanced malware and APTs can evade point-in-time defenses to penetrate networks. Security professionals must evolve their strategy in lockstep to... All Cybercrime and Hacking White Papers | Webcasts