The Defense Department unveiled its sweeping cybersecurity proposal a little more than a week ago. Now, a recently declassified Government Accountability Office report shows just how much the Pentagon is up against in its efforts to better coordinate its cyber capabilities.
The report, which was originally prepared in May 2010 and declassified today – thus pre-dating the most recent Pentagon plan – aimed to address how DoD is organized with regard to cybersecurity. The answer: not very.
DoD’s organization to address cybersecurity threats is “decentralized and spread across various offices,” GAO found, including the Office of the Secretary of Defense, the Joint Staff and the military.
And while there have been several attempts at publishing joint strategies for addressing cyberspace operations, GAO found that “the discussions are insufficient, and no single joint publication completely addresses cyberspace operations.”
GAO also identified so-called cyber “capability gaps,” which the watchdog agency said the Pentagon has not done enough to address.
DoD “has not completed a comprehensive, departmentwide assessment of needed resources, capability gaps and an implementation plan for addressing any gaps,” GAO said.
On the other hand, the launch of U.S. Cyber Command last year was lauded by GAO as an example of the Pentagon taking “proactive measures” at integrating cyberspace operations. “However, it is too early to tell if these changes will help DoD better address cybersecurity threats,” which emanate from hostile foreign powers, as well as hackers and terrorists, the agency said.
In its list of recommendations, GAO said DoD should set a timeframe to either complete a separate joint cyberspace publication or update the existing ones on the books. The Pentagon should also clarify “command and control relationships” regarding cyberspace, review its cyber capability gaps and develop a plan (including a funding strategy) to fill them.