GAO Observes Slow Implementation of Cybersecurity Recommendations Among Federal Agencies

The Government Accountability Office said federal departments have implemented less than half of the cybersecurity recommendations it issued since 2010.

According to a GAO report issued on Thursday, federal agencies have been slow in implementing recommendations, and the lackluster pace should be a sign for the Biden administration to release a national cybersecurity strategy with effective oversight. GAO said the strategy should have key performance measures, which were absent in former President Donald Trump’s 2018 cybersecurity strategy.

GAO also recommended that the General Services Administration and the Office of the National Cyber Director update their security plans, CyberScoop reported Thursday.

One of the concerns that GAO highlighted in its report is that no federal agency has fully implemented recommendations on supply chain management. The oversight body also noted that the Office of Management and Budget and the Department of Homeland Security only partially addressed cybersecurity workforce shortage issues.

Another issue is the failure to set up performance metrics for operational technology security and internet-connected device security, although GAO noted that efforts for OT and internet-connected device security are underway.

GAO is also calling for efforts to mitigate global supply chain risks and ensure the security of emerging technologies.

The Biden administration’s forthcoming cybersecurity strategy is expected to cover cybersecurity regulations for critical infrastructure organizations. The strategy was envisioned after policymakers called for an end to voluntary recommendations for vital industries and follows several high-profile cyberattacks on critical infrastructure.