Joe Kirschbaum, director of defense capabilities and management issues at the Government Accountability Office (GAO), told Federal News Network in an interview posted Wednesday about GAO’s assessment of the Department of Defense’s three cyber hygiene efforts.
GAO looked at DoD’s defense to cybersecurity culture and compliance initiative, cyber discipline plan and cyber awareness training and Kirschbaum said the office found lapses in tracking the implementation of cyber hygiene-related tasks.
“So I’m not suggesting that we found like an absolute hole in cybersecurity,” Kirschbaum told Federal Drive host Tom Temin. “What we did find was incomplete understanding of the extent to where some of these things are done. And some of these are basic cybersecurity practices, making sure you’ve got the principles throughout the department imputing all the training at the right levels, making sure you’re following through with who’s supposed to be doing that training.”
Kirschbaum noted that GAO recommended that the Pentagon follow through on those cyber hygiene initiatives. “And we want them to follow through on those things, to track the things that need to be tracked and to make sure that the department’s leadership is aware of those things and the status of those things so they can make those risk management decisions,” he added.