Home Cyber Agencies Haven’t Gauged Critical Infrastructure Cybersecurity Thoroughly, says GAO

Agencies Haven’t Gauged Critical Infrastructure Cybersecurity Thoroughly, says GAO

February 26, 2018

The Government Accountability Office reports that, although most U.S. critical infrastructure sectors have taken actions to adopt the NIST Cybersecurity Framework, none of the Sector-Specific Agencies responsible for developing guidance have developed adequate measures of adoption.

SSAs officials blame this on the voluntary nature of framework adoption. The GAO report says that until this is addressed, the SSAs will be unable to assess the success of protection efforts or to determine where to focus limited resources for cyber risk mitigation.

Officials from the Department of Homeland Security, NIST, SSAs, and the sector coordinating councils identified four challenges to cybersecurity framework adoption:

Limited resources;
Lacking knowledge and skills for framework adoption;
Regulatory, industry and other requirements that inhibit adopting the framework; and
Other priorities taking precedence over framework adoption.

More at Federal Times

RELATED ARTICLESMORE FROM AUTHOR

Protester’s Retention Plan Couldn’t Retain Agency’s Interest

Keep ‘Em Wondering: GAO Says Agency Didn’t Need to Explain Everything

Protester Alleged Agency Errored in Only Holding Discussions with the Awardee. Why Did GAO Reject the Protester’s Argument?

RELATED ARTICLES MORE FROM AUTHOR