Cybersecurity Coordinator Leadership Lacking, GAO Says
The U.S. lacks a coherent international cybersecurity strategy and needs more leadership from Cybersecurity Coordinator Howard Schmidt to coordinate agencies, said a GAO report released Monday. The lack of leadership is hampering the establishment of U.S.-related standards for cybersecurity, said the report, which pointed to several problems. The federal government hasn’t documented its goals for international cyberspace governance, it said. President Barack Obama’s 2009 Cyberspace Policy Review was supposed to produce near-term international goals but doesn’t set specific activities or timing to accomplish them. Without a comprehensive strategy from the White House, “Congress and the American public will be ill-equipped to assess how, if at all, federal efforts to address the global aspects of cyberspace ultimately support U.S. national security, economic, and other interests,” the report said.
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
The U.S. Cybersecurity Coordinator’s position was set up to coordinate agencies and forge a national policy. But that effort is still under development, the report said. Federal agencies are not filling the leadership vacuum, it found. The State Department is supposed to lead other federal agencies in setting up global networks and sharing threat information, but officials of the department told GAO only the president or an executive level office can make agencies participate. “Until the Cybersecurity Coordinator provides top-level leadership, there is an increased risk that U.S. agencies will not formulate and coordinate U.S. international cybersecurity-related positions,” the report said.
Federal agencies not only fail to lead but also aren’t coordinating their efforts, the report said. The International Sub-IPC, set up in March 2009 to coordinate international activities involving cybersecurity, isn’t involving key federal agencies such as the FCC. The commission wasn’t represented at Sub-IPC meetings until January, the report said. Instead of driving agency actions, the Sub-IPC emphasizes ensuring that agencies are aware of each others’ activities, it said.
The report recommended the White House and the Cybersecurity Coordinator take actions to develop with federal agencies a national cyberspace policy that sets specific goals, activities, performance metrics and timing, the report said. They also should ensure that federal agencies work together through mechanisms such as the International Sub-IPC meetings, it said. In response, Schmidt and his staff told GAO that the report discounted their leadership efforts. The Cybersecurity Coordinator’s office is creating one-no-one relationships with foreign countries and is improving coordination through the International Sub-IPC process, they told GAO.
The report coincides with a push by Congress for a cybersecurity overhaul this year. Senate Democrats are trying to merge proposals from Commerce Committee Chairman Jay Rockefeller, D-W.Va., and Homeland Security Chairman Joe Lieberman, I-Conn. Committee representatives didn’t get back to use right away to comment.