A presidential directive made law in last year’s US defense policy bill passed responsibility for cyber risk management across 16 critical infrastructure sectors to nine agencies
Several US federal agencies tasked with measuring and assessing cybersecurity standards have neglected duties in this area, a report recently published by the Government Accountability Office (GAO) said.
The report follows a 2013 presidential directive that passed into law in last year’s US defense policy bill, handing responsibility for cyber risk management to nine agencies across 16 critical infrastructure sectors. Those agencies include the departments of Agriculture, Defense, Energy, Health and Human Services, Transportation, Treasury and Homeland Security, as well as the Environmental Protection Agency, and the General Services Administration.
Yet, of the 16 critical infrastructure sectors the departments were meant to assess for the adoption of cybersecurity standards, 13 were found to have received incomplete checks, as reported by Government Executive.
Specifically, GAO said agencies had failed to confirm sectors’ compliance with a framework…
