WASHINGTON (2/20/13)--A new Government Accountability Office (GAO) report hones in on the hot topic of cybersecurity, and the study finds that federal agencies and the executive branch need to step up their cybersecurity practices and that a comprehensive, executive branch-level strategy is needed to address online security issues.
The GAO said that the goal of a federal cybersecurity strategy should be to "better ensure that federal departments and agencies are held accountable for making significant improvements in cybersecurity challenge areas, including designing and implementing risk-based programs; detecting, responding to, and mitigating cyber incidents; promoting education, awareness, and workforce planning; promoting [research and development]; and addressing international cybersecurity challenges."
The report noted that credit unions and other financial institutions are already well regulated in this area. The GAO also found that the U.S. Department of Treasury had neither departmental workforce plans nor workforce plans that specially addressed cybersecurity workforce needs.
The Obama administration and the U.S. Congress have both moved to address cybersecurity issues in recent weeks.
An executive order released earlier this month provides a broad, general framework intended to improve "critical infrastructure" cybersecurity coordination and information sharing among government agencies and the private sector. The order does not provide new legal authority. "Critical infrastructure" is not defined in the order, but could potentially include the power grid, financial market exchanges, and telecommunications networks, the Credit Union National Association has noted.
Legislation to improve public/private cybersecurity cooperation was also introduced by House Intelligence Committee Chairman Mike Rogers (R-Mich.) and Ranking Member C.A. Dutch Ruppersberger (D-Md.) last week. The bill, H.R. 624, provides positive authority to the government to provide classified cyber threat information to the private sector, and knocks down the barriers that impede cyber threat information sharing among private sector companies, and between private sector companies and the government, Rogers noted. (See Feb. 14 News Now story: Cybersecurity Order Offers Public/Private Coordination Chances: CUNA)
CUNA continues to work with the National Credit Union Administration, the Financial Services Sector Coordinating Council, BITS, the Treasury and other entities to coordinate on cybersecurity issues, and to ensure that credit unions are not unduly impacted from the cybersecurity framework for critical infrastructure entities. CUNA is also engaged with Congress on any cybersecurity legislation.
For the full GAO report, use the resource link.