GAO: U.S. Interests in Cyberspace at DisadvantageNet Speed Outpaces Efforts to Develop Global Cyberspace Strategy
The 53-page report said the rapid integration of information and communication technologies into virtually every aspect of modern life and the increase in associated threats have outpaced efforts by the United States and the international community.
"Without top-level leadership, the federal government has not forged a coherent and comprehensive strategy for cyberspace security and governance policy," David Powner (at left), GAO information technology management issues director, wrote House Homeland Security Committee Chairman Bennie Thompson, D-Miss.; Rep. Yvette Clarke, D-N.Y., chair of the Homeland Security Subcommittee on Emerging Threats, Cybersecurity and Science and Technology; and Sen. Kristen Gillibrand, D-N.Y.,
GAO recommended that the White House cybersecurity coordinator address challenges including developing a comprehensive national global cyberspace strategy. Powner said the cybersecurity coordinator and his staff generally concurred with the recommendations and told the GAO that actions are already being taken.
The office of Cybersecurity Coordinator Howard Schmidt hasn't responded to a request for a comment, but Clarke issued a statement that addressed the gravity of the situation.
"This report only reconfirms the committee's oversight findings: global Internet security governance is a hodge-podge of limited requirements and despite the administration's increased commitment to this issue, huge gaps in coordination, authorities and responsibilities persist," Clarke said. "The White House has begun to take critical steps to fill in the gaps, but more can be done."
Clarke and Gillibrand have proposed legislation to increase international cooperation to address cyber crime. Clarke said she and Thompson are drafting comprehensive cybersecurity legislation, though she provided no details. "There is no doubt that cybersecurity is one of the most urgent matters that Congress must address before adjourning this fall," she said.
In his letter, Powner wrote that challenges in U.S. leadership, strategy and coordination have hampered the nation's ability to promote cyberspace-related technical standards and policies and establish global cyber incident response capabilities consistent with its national economic and national security interests. In addition, he said, U.S. law enforcement efforts to investigate and prosecute crime have been complicated by the differing national legal systems, making it difficult to enforce American criminal and "The United States has been unable to define cyberspace-related norms that may be necessary for guiding a U.S. response to cyber incidents," Powner aid. "Until these challenges are addressed, the United States will be at a disadvantage in promoting its national interests in the realm of cyberspace."
The seven global challenges, according to Powner, are:
- Leadership: Providing top-level leadership that can coordinate across federal entities and forge a coherent national approach.
- Strategy: Developing a comprehensive national strategy that specifies overarching goals, subordinate objectives, activities to support those objectives, and outcome-oriented performance metrics and time frames.
- Coordination: Engaging all key federal entities in order to coordinate policy related to global aspects of cyberspace security and governance.
- Standards and policies: Ensuring that international technical standards and polices do not pose unnecessary barriers to U.S. trade.
- Incident response: Participating in international cyber-incident response, which includes appropriately sharing information without jeopardizing national security.
- Differing law: Investigating and prosecuting transnational cybercrime amid a plurality of laws, varying technical capabilities, and differing priorities.
- Norms: Providing models of behavior that shape the policies and activities of countries, such as defining a country's sovereign responsibility regarding the actions of its citizens.
Powner said the GAO had conversations with Schmidt - who is not identified by name in the letter, only by title - and his staff and they stated the report fails to fully portray their leadership efforts as well as their endeavors to develop a strategy and make improvements regarding interagency coordination. "For example," Powner wrote, "they emphasized their engagement in establishing bilateral relationships with foreign countries, which are essential to developing international consensus on cybersecurity-related issues and gaining wider agreement in the international community."
GAO recommended that Schmidt and his staff:
- Make recommendations to appropriate agencies and interagency coordination committees regarding any necessary changes to more effectively coordinate and forge a coherent national approach to cyberspace policy.
- Develop with the departments of Commerce, Defense, Homeland Security, Justice and State and other relevant federal and nonfederal entities, a comprehensive U.S. global cyberspace strategy;
- Enhance the interagency coordination mechanisms, including the ICI-IPC, by ensuring relevant federal entities are engaged and that their efforts, taken together, support U.S. interests in a coherent and consistent fashion;
- Establish, with DHS, the Department of State, and other key U.S. and international governmental and nongovernmental entities, protocols for working on cyber incident response globally in a manner that is consistent with our national security interests; and
- Determine, in conjunction with the Departments of Defense and State and other relevant federal entities, which, if any, cyberspace norms should be defined to support U.S. interests in cyberspace and methods for fostering such norms internationally.