The Government Accountability Office (GAO) said in a report that in order to fully implement the White House’s National Cyber Strategy a “clarity of leadership” is “urgently needed.”
The thrust of the September GAO report echoes a primary recommendation of the Cyberspace Solarium Commission, whose March report said a National Cyber Director is needed in the Executive Office of the President to coordinate the country’s cyber strategy.
The GAO report was requested by the chairmen of that Commission, Sen. Angus King, Jr., I-Maine, and Rep. Mike Gallagher, R-Wis., along with Sens. Ron Johnson, R-Wis., and Gary Peters, D-Mich., and Reps. Carolyn Maloney, D-N.Y., and Jim Langevin, D-R.I., also a Solarium commissioner.
GAO found 23 Federal entities with “roles and responsibilities for developing policies, monitoring critical infrastructure protection efforts, sharing information to enhance cybersecurity across the nation, responding to cyber incidents, investigating cyberattacks, and conducting cybersecurity-related research.”
The National Security Council (NSC) produced an Implementation Plan in June 2019 to delineate how the White House’s September 2018 National Cyber Strategy would be carried out. GAO found that the documents taken together did not fully address cyber “problem definition and risk assessment,” “goals, subordinate objectives, activities, and performance measures,” and “resources, investments, and risk management.”
“Without a consistent approach to engaging with responsible entities and a comprehensive understanding of what is needed to implement all 191 activities, the NSC will face challenges in ensuring that the National Cyber Strategy is efficiently executed,” GAO said.
To Congress, GAO recommended that the body “consider legislation to designate a leadership position in the White House with the commensurate authority to implement and encourage action in support of the nation’s cybersecurity.” This recommendation for White House cyber leadership is in the House’s version of the pending National Defense Authorization Act.
Sen. Angus King, Jr., I-Maine, a co-chairman of the Solarium Commission, made the case to include the position in the final legislation to a Senate cybersecurity panel in August.
GAO also recommended that the NSC work with other Federal entities to update “cybersecurity strategy documents to include goals, performance measures, and resource information, among other things.” The NSC neither agreed or disagreed with GAO’s recommendation.
The GAO report calling for cyber leadership at the White House comes in the same month as another GAO report, which called for the Department of State to coordinate its cyber activities.