The Government Accountability Office (GAO) noted that its recent examination of comprehensive cybersecurity strategy and oversight challenges has resulted in a series of recommendations to address those concerns.
The GAO has issued 335 public recommendations regarding cybersecurity and oversight since 2010, with nearly 60 percent of the recommendations not implemented as of December 2022.
The GAO maintains that until the 335 recommendations are fully implemented, federal agencies will be more limited in their ability to protect private and sensitive data.
The GAO has recommended that the National Security Council work with relevant federal entities to update cybersecurity strategy documents to include goals, performance measures, and resource information, among other things. It has also recommended that 23 civilian agencies fully implement foundational practices in their organization-wide approaches to ICT supply chain risk management.
Additional recommendations include addressing continuing cybersecurity workforce challenges through a developed government-wide workforce plan and related supporting practices. The GAO also made eight recommendations to the Departments of Energy, Health and Human Services, Homeland Security, and Transportation to establish and use metrics to assess the effectiveness of sector Internet of Things (IoT) and operational technology (OT) cybersecurity efforts and to evaluate sector IoT and OT cybersecurity risks.
According to the GAO, the federal government’s cybersecurity infrastructure will need to evolve to address cybersecurity threats.