GAO slams White House for failing to lead on cybersecurity

Lack of a cybersecurity R&D agenda puts nation at risk, report says

1 2 Page 2
Page 2 of 2

In addition, the GAO itself has in the past noted the absence of a federal, cybersecurity research agenda and had called on the director of the OSTP to establish firm timelines for setting up one, the report noted.

Despite such recommendations and despite its legal responsibility, the OSTP subcommittee on Networking and Information Technology Research and Development (NITRD), which is specifically responsible for coordinating federal cybersecurity R&D, has failed to lead, the GAO said.

Up to now, NITRD has failed to create a national R&D agenda, has not established any goals or priorities for cybersecurity R&D and has no mechanism for tracking federal cybersecurity R&D funding and spending.

The GAO report references -- and then dismisses -- various documents that officials from the OSTP and OMB have claimed comprise a national R&D agenda. "These documents do not constitute, whether taken collectively or separately, a prioritized national agenda," because they are outdated or lack detail, the GAO said.

In a letter responding to the GAO report, Patrick Gallagher, director of NIST, concurred with the call for the OSTP to do more to get federal R&D cybersecurity moving along. But the letter challenged the report's conclusion that there was a lack of leadership by the OSTP.

"This report creates the impression that there is little leadership, coordination and planning in the Federal government," for cybersecurity R&D, Gallagher wrote. "We believe that OSTP and NITRD are coordinating research activities and working with the federal government research community to identify a research strategy."

Meanwhile, in a separate letter the OSTP insisted that it could not concur with some of the GAO's findings, and insisted that it already has a five-year plan for cybersecurity research, which is available online (PDF document) and which will soon be updated.

The NITRD is also working on a "game-change R&D strategy that responds to the leap-ahead goals" of the multi-billion Comprehensive National Cybersecurity Initiative, launched during the Bush Administration, the OSTP letter noted. Details of this work will be available to the public in the next few days, the letter promised.

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed . His e-mail address is

Copyright © 2010 IDG Communications, Inc.

1 2 Page 2
Page 2 of 2
Shop Tech Products at Amazon