The U.S. Government Accountability Office (GAO) recently released a report that examined the efficiency and effectiveness of the National Cybersecurity and Communications Integration Center (NCCIC) of the Department of Homeland Security, finding that NCCIC needs a clearer evaluation process of its functions.
As required by the National Cybersecurity Protection Act, NCCIC performs 11 cybersecurity functions, including being a civilian interface for sharing cybersecurity-related information with federal and nonfederal entities and developing programs that monitor federal network traffic and analyze network weakness and threats. The NCCIC is also required to perform its functions in accordance with nine principles laid out in the protection act.
The GAO found that NCCIC adherence to the principles is inconsistent and the extent of its evaluation process as well as the applicability of the principles to all functions is unclear or nonexistent.
It was also noted that there are several factors hindering the center’s ability to efficiently perform certain cybersecurity functions. One such example was the inability of center officials to fully track or consolidate reported cyber incidents, which restricts their ability to successfully share the information across the government.
Recommendations made by the GAO included determining accurate applicability of required principles to NCCIC functions and establishing a metrics and methods for evaluating function performance.