The White House Office of Science and Technology Policy has so far failed to live up to its responsibility to coordinate a national cybersecurity R&D agenda, the Government Accountability Office (GAO) said in a report released this week.
As a result, the U.S risks falling behind other countries on cybersecurity matters, and being unable to adequately protect its interests in cyberspace, the 36-page report (PDF document) warned.
The GAO report was prepared at the behest of the House Committee on Homeland Security, and called on the OSTP to show more leadership in pulling together a focused and prioritized short, medium- and long-term R&D strategy for cybersecurity.
The report noted that the White House's National Strategy to Secure Cyberspace from 2003 tasks the OSTP with coordinating the development of such a strategy and for updating it on an annual basis.
Over the years, the OSTP has taken "initial steps toward developing such an agenda," the GAO report said. However, "one does not currently exist" even today, the report said.
Although the OSTP and the White House Office of Management and Budget (OMB) have said that such an agenda is indeed contained in "existing documents," the documents are either outdated or lack sufficient detail, the GAO noted.
Currently, five federal agencies including the National Science Foundation, the U.S Department of Homeland Security, and the National Institutes of Science and Technology fund and carry out most of the government's cybersecurity R&D work. Several private sector companies also carry out either federally-funded or self-funded cybersecurity R&D projects for the government.
Over the years, there have been numerous calls for more centralized oversight and coordination of these various R&D efforts to ensure that the projects are meeting a focused national cybersecurity.
Among those who have called for such coordination are the President's Council of Advisors on Science and Technology in 2007, the President's Information Technology Advisory Committee in 2005 and the Center for Strategic and International Studies (CSIS) in 2008, the GAO said.