Shows & Panels
- The 2014 Big Picture on Cyber Security
- AFCEA Answers
- Ask the CIO
- Connected Government
- Consolidating Mission-critical Systems
- Constituent Servicing
- Continuous Monitoring: Tools and Techniques for Trustworthy Government IT
- The Data Privacy Imperative: Safeguarding Sensitive Data
- Eliminating the Pitfalls: Steps to Virtualization in Government
- Federal Executive Forum
- Federal Tech Talk
- Government Cloud Brokerage: Who, What, When, Where, Why?
- Government Mobility
- Mission-critical Apps in the Cloud
- Mobile Device Management
- The Modern Federal Threat Landscape
- The Path from Legacy Systems
- Understanding the Intersection of Customer Service and Security in the Cloud
Shows & Panels
GAO decries 'decentralized' DoD cyber efforts
Monday - 7/25/2011, 6:52pm EDT
Federal News Radio
The Defense Department unveiled its sweeping cybersecurity proposal a little more than a week ago. Now, a recently declassified Government Accountability Office report shows just how much the Pentagon is up against in its efforts to better coordinate its cyber capabilities.
The report, which was originally prepared in May 2010 and declassified today - thus pre-dating the most recent Pentagon plan - aimed to address how DoD is organized with regard to cybersecurity. The answer: not very.
DoD's organization to address cybersecurity threats is "decentralized and spread across various offices," GAO found, including the Office of the Secretary of Defense, the Joint Staff and the military.
And while there have been several attempts at publishing joint strategies for addressing cyberspace operations, GAO found that "the discussions are insufficient, and no single joint publication completely addresses cyberspace operations."
GAO also identified so-called cyber "capability gaps," which the watchdog agency said the Pentagon has not done enough to address.
DoD "has not completed a comprehensive, departmentwide assessment of needed resources, capability gaps and an implementation plan for addressing any gaps," GAO said.
On the other hand, the launch of U.S. Cyber Command last year was lauded by GAO as an example of the Pentagon taking "proactive measures" at integrating cyberspace operations. "However, it is too early to tell if these changes will help DoD better address cybersecurity threats," which emanate from hostile foreign powers, as well as hackers and terrorists, the agency said.
In its list of recommendations, GAO said DoD should set a timeframe to either complete a separate joint cyberspace publication or update the existing ones on the books. The Pentagon should also clarify "command and control relationships" regarding cyberspace, review its cyber capability gaps and develop a plan (including a funding strategy) to fill them.
DoD agreed with the recommendations.