The Government Accountability Office said in a new report that the federal government must establish a comprehensive cybersecurity strategy to protect assets and critical infrastructure from state-sponsored cyberattacks.
GAO reiterated the importance of fully implementing the 335 public recommendations it has made on developing a comprehensive strategy since 2010 and noted that about 190 of them have not been executed as of December 2022.
“Until these are fully implemented, federal agencies will be more limited in their ability to protect private and sensitive data entrusted to them,” the report states.
According to the government watchdog, the 2018 National Cyber Strategy and the National Security Council’s 2019 Implementation Plan did not fully address the desirable characteristics of national strategies in terms of problem definition and risk assessment, goals and performance measures and resources and investments.
GAO recommends that the National Security Council collaborate with partner agencies to update cybersecurity strategy documents to address said characteristics.
To boost the nation’s cyber defenses, the federal government must also mitigate global supply chain risks, address the cyber skills gaps and ensure the security of emerging technologies, per the report.
