Gaps in agency cybersecurity measures

By Taelor Sutherland

Over the past few years, various government agencies have announced plans to improve their cybersecurity efforts. These efforts included staffing concerns, risk management and reforming existing systems to better protect against current threats.

The U.S. Government Accountability Office (GAO) developed a report regarding federal cybersecurity challenges. The report compared statements from previous years to where agencies currently stand regarding a variety of cybersecurity practices. GAO found that multiple agencies were ill-prepared to protect important government data despite previous claims.

According to GAO, there were several missing elements in the National Cyber Strategy and Implementation Plan. GAO stated that the plan was lacking in three of six desirable characteristics: “Problem definition and risk assessment,” “Goals, subordinate objectives, activities and performance measures,” and “Resources, investments and risk management.”

Regarding supply chain risks, GAO noted that agencies heavily rely on information and communications technology (ICT). However, GAO also noted that ICT supply chain risks had not been properly addressed. GAO determined that none of the 23 observed federal agencies had fully implemented the seven practices for supply chain risk management, and 14 hadn’t implemented any of the practices. Of the seven practices, only six had been partially implemented.

GAO found that the Office of Management and Budget and the Department of Homeland Security only partially addressed most of the seven key reform practices. Starting in 2020, the practices were meant to address the cybersecurity workforce shortage. Employee engagement was the only practice not addressed by either agency.

GAO found that none of the lead agencies had developed metrics to properly assess their efforts, including Internet of Things (IoT) and OT risk assessments. Lead agencies also need to prepare for the risks that come with evolving technologies, such as quantum computing and artificial intelligence (AI).

For more insight, click here.

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Taelor Sutherland is the Associate Editor at Security magazine. Sutherland covers news affecting enterprise security leaders, from industry events to physical & cybersecurity threats and mitigation tactics. She is also responsible for coordinating and publishing web exclusives, multimedia content, social media posts, and a number of eMagazine departments. Sutherland graduated in 2022 with a BA in English Literature from Agnes Scott College.