GAO Report Finds Need for Strong Cybersecurity Controls across Federal Agencies (with Lofchie Comment)
GAO issued a report in response to recent data breaches at federal agencies. The report offered recommendations to improve government-wide cybersecurity initiatives.
GAO identified a number of challenges faced by federal agencies regarding threats to cybersecurity, including the following:
- designing and implementing a risk-based cybersecurity program;
- enhancing the oversight of contractors who provide IT services;
- improving security-incident-response activities;
- responding to breaches of personal information; and
- implementing cybersecurity programs at small agencies.
In an effort to improve cybersecurity across the federal government, GAO is engaged in a number of current initiatives. These include the establishment of a single standard for forms of identification for federal employees and contractor personnel who access government systems, as well as a government-wide contract for agencies to purchase tools that are intended to identify cybersecurity risks on an ongoing basis. GAO also recommended that agencies establish a "multi-layered, 'defense-in-depth'" approach to security that includes well-trained personnel, consistently applied processes and appropriate technologies.
Lofchie Comment: If we had a do-over in retrospect, should we have expended our regulatory and private resources in the way that we did, or should we have concentrated on cybersecurity? We can say that it isn't a choice of either/or, but our resources and our attention are both limited.
See: GAO Report.