The Government Accountability Office (GAO) has identified 91 open priority recommendations to the Defense Department (DoD) – the highest number outstanding for all Federal agencies – with cybersecurity as one of the nine major areas DoD should prioritize.
GAO released its priority recommendations for DoD in a letter today, as well as recommendations for the Departments of Health and Human Services and Veterans Affairs. GAO officials said in a podcast today that they were making their recommendation letters to agencies public for the first time.
The letter to DoD specified that the agency had 984 open unclassified GAO recommendations as of Feb. 21, and in April 2018 GAO sent DoD a letter highlighting 85 of those as high priorities. Since then, DoD has implemented fixes on 17 of the items, but GAO since added 21 in its 2019 letter, which highlight, among other areas, issues around cyber security training and adoption of cybersecurity practices.
Of the priority recommendations, GAO highlighted several key cybersecurity areas that DoD should focus on addressing:
- DoD should clarify its roles and responsibilities for defense support of civil authorities during cyber incidents;
- U.S. Cyber Command and the military services should develop plans that assess and identify specific Cyber Mission Force training requirements for all phases of training; and
- DoD should work with sector partners to develop methods of determining the level and type of any cybersecurity framework they adopt.
In addition to the priority recommendations, last month GAO also issued the biennial update to its high-risk program. GAO found five high-risk areas that applied to DoD, two of which were ensuring the cybersecurity of the nation and improving management of IT acquisitions and operations.
GAO underscored it’s critical DoD buckle down on addressing its cybersecurity capabilities, especially because its cyber efforts play an important role in defending other departments and agencies.
“Cyber threats to U.S. national and economic security are increasing in frequency, scale, sophistication, and severity of impact. DOD’s 2013 Strategy for Homeland Defense and Defense Support of Civil Authorities states that DOD must be prepared to defend the homeland and support civil authorities in all domains—including cyberspace—and recognizes that the department plays a crucial role in supporting a national effort to confront cyber threats to critical infrastructure,” GAO said.
Apart from cybersecurity, the other eight priority areas GAO emphasized were: better manage acquisitions and contract management; improve readiness; build capacity to drive enterprise-wide business reform; strengthen defense headquarters data and plan requirements; improve healthcare costs and efficiency; update support infrastructure details to maximize cost and efficiency; create better financial management capabilities; and prevent sexual harassment.