US government cybersecurity efforts are being hampered by a need to better define the roles of the agencies responsible for defending against cyber threats, a US Congressional watchdog said Friday.
WASHINGTON (AFP) –The need for more clearly defined responsibilities for agencies tasked with defending against cyberattacks was one of a number of "challenges" to effective cybersecurity raised in the report by the Government Accountability Office.
The GAO report looked at the Comprehensive National Cybersecurity Initiative (CNCI), which was launched by former US president George W. Bush in 2008 to reduce vulnerabilities and protect federal systems against cyberattack.
In its report, the GAO cited "defining roles and responsibilities" as among the "challenges" to cybersecurity efforts.
"Federal agencies have overlapping and uncoordinated responsibilities for cybersecurity, and it is unclear where overall responsibility for coordination lies," the GAO said.
Other challenges raised by GAO were "coordinating actions with international entities" and "establishing an appropriate level of transparency."
"The federal government does not have a formal strategy for coordinating outreach to international partners for the purposes of standards setting, law enforcement, and information sharing," the GAO said.
"Few of the elements of CNCI have been made public, and the rationale for classifying related information remains unclear, hindering coordination with private sector entities and accountability to the public," the GAO said.
"Until these challenges are adequately addressed, there is a risk that CNCI will not fully achieve its goal to reduce vulnerabilities, protect against intrusions, and anticipate future threats against federal executive branch information systems," it said.
The White House took issue with the GAO's conclusion that the roles of the various agencies tasked with cybersecurity were not well defined.
In a letter to the director of the GAO, Chief Information Officer Vivek Kundra said "the roles and responsibilities of agencies participating in the CNCI are clearly defined."
Kundra also pointed out that President Barack Obama had made cybersecurity a top priority of his administration, had conducted a 60-day cybersecurity review and had appointed an overall cybersecurity coordinator in December.
On Tuesday, cybersecurity coordinator Howard Schmidt announced that the White House was declassifying elements of the CNCI and was seeking to strengthen its cybersecurity partnership with the private sector.
"We can't ask industry to help government and government can't help industry if we don't have transparency," Schmidt told a cybersecurity conference in San Francisco.