TLDR:
- The U.S. Government Accountability Office (GAO) is urging the Office of the National Cyber Director (ONCD) to strengthen the implementation of the national cybersecurity strategy.
- The GAO recommends adding outcome-oriented performance measures and providing cost estimates for cybersecurity initiatives.
The U.S. Government Accountability Office (GAO) has called on the Office of the National Cyber Director (ONCD) to improve the implementation of the national cybersecurity strategy. The GAO has recommended that the ONCD adds outcome-oriented performance measures and provides cost estimates for cybersecurity initiatives.
The GAO’s recommendation for outcome-oriented performance measures was accepted by the ONCD, highlighting the need for better measurements to gauge the effectiveness of cybersecurity actions. However, the recommendation for providing cost estimates was rejected due to complexities in the budget process.
Without outcome-based performance measures, the GAO warns that the ONCD and other implementing agencies will be limited in their ability to assess the effectiveness of actions taken to implement the strategy. Additionally, without estimating the costs of initiatives, there may be challenges in ensuring adequate resources are available for their implementation.
This call for improved implementation of the national cybersecurity strategy comes at a time when organizations are facing increasing challenges in obtaining cybersecurity insurance. Premiums for cybersecurity insurance are steep, and not all policies cover ransomware, which is the leading cause of cyber insurance claims.
Efforts are also underway to relax federal cyber contracting job requirements in order to bolster the cybersecurity workforce. National Cyber Director Harry Coker and the Office of Management and Budget are pushing for the removal of the four-year degree requirement for certain federal cybersecurity contracting positions.
In a positive development for the cybersecurity industry, U.S. cybersecurity startup SimSpace has secured a $45 million investment in a recent funding round.
In Summary:
- The GAO is urging the ONCD to strengthen the implementation of the national cybersecurity strategy by adding outcome-oriented performance measures and cost estimates for initiatives.
- Without these measures, the effectiveness of cybersecurity actions may be difficult to gauge and resources may not be adequately allocated.
- Organizations are facing challenges in obtaining cybersecurity insurance, and not all policies cover ransomware.
- Efforts are being made to relax federal cyber contracting job requirements to strengthen the cybersecurity workforce.