About | HeinOnline Law Journal Library | HeinOnline Law Journal Library | HeinOnline
LOG IN
LOG IN

GAO-23-106826 1 (2023-06-29)

handle is hein.gao/gaoowa0001 and id is 1 raw text is: U.S. Government to Accountability Office June 2023 Cybersecurity: Launching and Implementing the National Cybersecurity Strategy Threats Highlight the Importance of Estab4hin Leadership in Cybersecurity Federal agencies and our nation's critical infrastructure- such as energy, communications, and financial services- depend on technology systems to carry out fundamental operations and to process, maintain, and report vital information. However, malicious actors are becoming more capable of carrying out cyberattacks, threatening the continuity and integrity of these essential systems. We designated information security as a government-wide high-risk area in 1997 and subsequently expanded it to include the protection of cyber critical infrastructure and the privacy of personally identifiable information. Coordinating the federal government's efforts to address the nation's cybersecurity threats and challenges is urgent and necessary. In September 2020, we reported that the 2018 National Cyber Strategy and its 2019 Implementation Plan did not address all the desirable characteristics of national strategies (e.g., resources, investments, and risk management).1 It was also unclear which official was responsible for coordinating execution of the Implementation Plan. We recommended that the National Security Council update strategy documents to better reflect desirable characteristics of national strategies. We also recommended that Congress consider legislation to designate a leadership position in the White House to support the nation's cyber critical infrastructure, including implementing the Cyber Strategy. The fiscal year 2021 national defense authorization act established the Office of the National Cyber Director (ONCD) within the Executive Office of the President.2 The Senate confirmed a National Cyber Director in June 2021 to serve as the principal advisor to the President on cybersecurity policy and strategy. However, this official resigned from the position in February 2023. In March 2023, the White House issued the National Cybersecurity Strategy, outlining how the administration will manage the nation's cybersecurity through five pillars.3 The pillars focus on, among other things, securing cyber critical infrastructure and disrupting cyber threat actors. 1.2: 1.3: 1.4: 1 G 2.2: 2.3: 2.4: 2.5: 3.2: 3.3: 3.4: 3.5: 3.6: 4.3: 4.4: 4.5: 4.6: 5.2: 5.3: 5.4: Establish cybersecurity requirements to support national security and public safety Scale public-private collaboration Integrate federal cybersecurity centers Update federal incident response plans and processes Modernize federal defenses Integrate federal disruption activities Enhance public-private operational collaboration to disrupt adversaries Increase the speed and scale of intelligence sharing and victim notification Prevent abuse of U.S.-based infrastructure Counter cvbercrime: defeat ransomware Hold the stewards of our data accountable Drive the development of secure Internet of Things devices Shift liability for insecure software products and services Use federal grants and other incentives to build in security Leverage federal procurement to improve accountability Exolore a federal cvber insurance backstoo Secure the technical foundation of the internet Reinvigorate federal research and development for cybersecurity Prepare for our post-quantum future Secure our clean energy future Support development of a digital identity ecosystem Develoo a national strateav to strenathen our cvber workforce Build coalitions to counter threats to our digital ecosystem Strengthen international partner capacity Expand U.S. ability to assist allies and partners Build coalitions to reinforce global norms of responsible state behavior The Administration Needs to Fully Develop and 5.5: Secure global supply chains for information, communications, Implement the National Cybersecurity Strategy operational technology products and services Sources: GAO analysis of the National Cybersecurity Strategy: marinashevchenko/stock.adobe.com (icons In April 2023, we reported that the goals and strategic GAO-23-106826 objectives included in the strategy provide a good foundation for establishing a more comprehensive ' GAO, Cybersecurity: Clarity of Leadership Urgently Needed to Fully Implement the National Strategy, GAO-_20-629 (Washington, D.C.: Sept. 22, 2020). 2 William M. (Mac) Thornberry National Defense Authorization Act for Fiscal Year 2021, Pub. L. No. 116-283, § 1752(a), 134 Stat. 3388, 4144 (2021). 'The White House, National Cybersecurity Strategy. (Washington, D.C.: Mar. 1, 2023). Page 1 GAO-23-106826 I National Cybersecurity Strategy and ). |

What Is HeinOnline?

HeinOnline is a subscription-based resource containing thousands of academic and legal journals from inception; complete coverage of government documents such as U.S. Statutes at Large, U.S. Code, Federal Register, Code of Federal Regulations, U.S. Reports, and much more. Documents are image-based, fully searchable PDFs with the authority of print combined with the accessibility of a user-friendly and powerful database. For more information, request a quote or trial for your organization below.



Contact us for annual subscription options:

Contact Us

Already a HeinOnline Subscriber?

Log In

profiles profiles most