The GAO has released a new report on cybersecurity [PDF]. The report recommends that “the federal government needs to take the following actions to strengthen U.S. cybersecurity”:
- Effectively implement risk-based entity-wide information security programs consistently over time.
- Improve its cyber incident detection, response, and mitigation capabilities. The Department of Homeland Security needs to expand the capabilities and support wider adoption of its government-wide intrusion detection and prevention system. In addition, the federal government needs to improve cyber incident response practices, update guidance on reporting data breaches, and develop consistent responses to breaches of PII.
- Expand its cyber workforce planning and training efforts.
- Expand efforts to strengthen cybersecurity of the nation’s critical infrastructures.
- Better oversee protection of personally identifiable information.
What are the chances of this actually happening? Perhaps not good. The report also notes:
Over the past several years, GAO has made about 2,500 recommendations to federal agencies to enhance their information security programs and controls. As of February 2017, about 1,000 recommendations had not been implemented.