12 Ways to Improve Federal Cybersecurity
GAO Solicits Experts' Views on Critical Aspects of Infosec Strategy
"Until they are addressed, our nation's most critical federal and private sector cyber infrastructure remain at unnecessary risk to attack from our adversaries," GAO said in a report released Tuesday that delineated the 12 strategy improvements.
Key Cybersecurity Strategy Improvements
- Develop a national strategy that clearly articulates strategic objectives, goals and priorities.
- Establish White House responsibility and accountability for leading and overseeing national cybersecurity policy.
- Establish a governance structure for strategy implementation.
- Publicize and raise awareness about the seriousness of the cybersecurity problem.
- Create an accountable, operational cybersecurity organization.
- Focus more actions on prioritizing assets, assessing vulnerabilities and reducing vulnerabilities than on developing additional plans.
- Bolster public-private partnerships through an improved value proposition and use of incentives.
- Focus greater attention on addressing the global aspects of cyberspace.
- Improve law enforcement efforts to address malicious activities in cyberspace.
- Place greater emphasis on cybersecurity research and development, including consideration of how to better coordinate government and private sector efforts.
- Increase the cadre of cybersecurity professionals.
- Make the federal government a model for cybersecurity, including using its acquisition function to enhance cybersecurity aspects of products and services.
The GAO report - written by Gregory Wilshusen, director of information security issues, and David A. Powner, director of IT management issues - was presented to the Senate Judiciary Committee's Subcommittee on Terrorism and Homeland Security, which held a hearing Tuesday on preventing terrorist attacks and protecting privacy in cyberspace.
