The Government Accountability Office reports that while every agency submitted a plan or documentation in lieu of a plan, only four of those 18 fully developed plans addressed all of OMB's criteria.
And no agency has updated their plans since 2004.
In December 2003, President Bush issued Homeland Security Presidential Directive-7, calling for agencies to identify, prioritize and protect the United States' critical infrastructure and key resources. Among the things HSPD-7 called for was for agencies to submit to OMB plans for protecting the cyber and other critical infrastructure that they own or operate. The directive also required that these plans address identification, prioritization, protection and contingency planning, including recovery of essential capabilities.
"While none of the 2004 plans have since been updated, subsequent cyber CIP planning efforts by one-third of the agencies have yielded additional steps toward these goals," the reports states. "However, continuing shortfalls in these planning efforts highlight that more remains to be done to ensure cyber CIP plans are developed in a comprehensive manner."
Auditors find that OMB and the agencies each share some of the blame for the lack of progress with these plans.
GAO says OMB "has not made these plans a priority and managed them as such by, for example, following up on a regular basis to assess whether agencies have updated their plans to fully address OMB requirements and are effectively implementing them."
Meanwhile, agencies failed to continually plan to protect their critical infrastructure.
GAO made several recommendations, including asking agencies to update their current plans and more oversight and follow-up by OMB.
OMB's Office of the Administrator for E-Government and IT offered oral comments to GAO's findings and agreed with the conclusions.
"Without more sustained leadership, management, and oversight in this area, there is an increased risk that federal agencies individually, and the federal government collectively, will not, among other things, effectively identify, prioritize, and protect their cyber critical assets, thus leaving them potentially vulnerable to deliberate efforts to destroy, incapacitate or exploit them," GAO states.
-----
On the Web:
- GAO - OMB leadership needed to strengthen agency planning efforts to protect federal cyber assets (pdf)
- ederalNewsRadio - INSA: public, private sectors should work together on cybersecurity
- FederalNewsRadio - Lawmakers give DHS role in protecting electric grid
Autor(en)/Author(s): Jason Miller
Quelle/Source: FederalNewsRadio, 17.11.2009
Bitte besuchen Sie/Please visit:
