Flawed DOD cyber strategy adds to network vulnerabilities: GAO
A decentralized approach, a shortage of cybersecurity workers and the lack of a funding strategy are hurting the Defense Department's cyber efforts, a GAO report concludes.
Despite recent efforts to shore up its approach to cybersecurity, the Defense Department is behind the game, lacking the ability to meet current threats and the means to keep pace with future threats, the General Accounting Office concludes in a new report.
The report, released July 25, states that DOD’s decentralized approach to cybersecurity, including a lack of unified policy, is a major contributor to its network vulnerabilities.
While the DOD is proactively addressing the issues, including the establishment of U.S. Cyber Command to integrate operations, department officials admit that they have no single publication to completely address their cyberspace operations; there are insufficient discussions on the topic and no timetable for updating their existing doctrines or decision-making process.
Furthermore, the department’s cyber workforce is “undersized and unprepared to meet the current threat, which is projected to increase significantly over time,” the report states. Compounding the problem is that the department has not created a funding strategy to address its cyber security issues.
GAO also found that DOD’s newly developed personnel reporting structure for a unified approach to cybersecurity is vague enough to be potentially inadequate.
“It remains unclear whether these [cybersecurity] gaps will be addressed, since DOD has not conducted a more comprehensive department-wide assessment of cyber-related capability gaps or established an implementation plan or funding strategy to resolve any gaps that may be identified,” GAO said.
Although DOD’s cyber defense activities have been around for a while, its push toward a unified approach is new. Recently, GCN reported that DOD and the Homeland Security Department are working together to protect cyberspace, under an evolving plan in which DHS has primary responsibility for civilian networks.
Deputy Defense Secretary William Lynn also announced July 14 the department’s new strategy for defending U.S computer networks, saying, “it is only one part of the department’s first-ever Strategy for Operating in Cyberspace.”