Despite starts and stops dating back to the early 1990s and frequent references to a national strategy, U.S. cybersecurity remains in jeopardy from the lack of a comprehensive plan that includes accountability to specific outcomes, according to a leading official from the Government Accountability Office.
“The reality is that every administration, honestly since the Clinton administration, has applied effort and priority to trying to coalesce some sort of national strategy—maybe it’s in different shapes and forms, may be in several documents or one—but no one has gotten all the way there and we definitely have not gotten to the point of actually executing a strategy,” said Nick Marinos, a director of information technology and cybersecurity at GAO.
Marinos was participating in a Dec. 9 event Government Executive hosted on the discipline of enterprise risk management, something federal agencies are required to practice in the development of their individual priorities. Agencies’ risk management activities are guided by technical guidance from the National Institute of Standards and Technology, but Marinos said they should also have a big-picture reference to who’s…
