GAO: CISA Should Assess Own Efforts to Protect Communications Sector

The Cybersecurity and Infrastructure Security Agency should assess the effectiveness of its efforts to protect the communications sector, a government watchdog said in a report.

The Government Accountability Office said that the communications sector is facing physical and cyber threats at the local, regional and national levels.

CISA is the agency most responsible for ensuring the resilience of the communications industry, which is one of the 16 sectors recognized by the Department of Homeland Security as critical infrastructure, GAO said Tuesday.

DHS defines critical infrastructure sectors as those whose assets, systems and networks are essential for security, national economic security or public health and safety.

GAO said that CISA mainly supports the communications sector through incident management and information-sharing activities.

The agency also coordinates federal activities during critical events such as extreme weather and cyber incidents.

However, CISA can do more by determining whether or not its cybersecurity programs and services are benefiting the organizations that need them most, GAO said.

The watchdog also recommended that CISA identify members of the sector that are underrepresented in its information-sharing activities and services.

GAO said that CISA has also not updated the 2015 Communications Sector-Specific Plan, which should be updated every four years as per DHS guidance.

The current plan lacks information on current and emerging threats to the sector’s supply chain as well as disruptions to position, navigation and timing services.

DHS has concurred with GAO’s recommendations for CISA to evaluate its support for the sector and revise its sector-specific plan.