US Must Take Further Steps For Cyber Security

The White House still has work to do to protect U.S. cyber infrastructure from attack, according to a government watchdog agency.

R&D of cyber security technology is essential to creating a broader range of choices and more robust tools for building secure, networked computer systems in the federal government and in the private sector, says a new report from the Government Accountability Office (GAO), the nonpartisan investigative arm of Congress.

The number of malicious computer attacks has increased with the growing number of vulnerabilities. In 2000, the CERT Coordination Center (CERT/CC) received 1,090 reports of security vulnerabilities. By 2005, this number had more than quadrupled to 5,990. GAO notes that the CERT/CC is a center of Internet security expertise at the Software Engineering Institute, a federally funded research and development center operated by Carnegie Mellon University.

The National Strategy to Secure Cyberspace identifies national priorities to secure cyberspace, including a federal R&D agenda.

"However, a federal cyber security research agenda has not been developed as recommended in the National Strategy to Secure Cyberspace and the federal plan did not fully address certain key elements," the GAO report says.

Federal entities have taken several important steps to improve the oversight and coordination of federal cyber security R&D, although limitations remain, GAO found. Actions taken include chartering an interagency working group to focus on cyber security research, publishing a federal plan for guiding this research, reporting budget information for this research separately, and maintaining repositories of information on R&D projects.

However, the White House Office of Management and Budget (OMB) had not issued guidance to ensure that agencies provided all information required for the repositories. As a result, information needed for oversight and coordination of cyber security research activities was not readily available, GAO says.

GAO recommends that the White House Office of Science and Technology Policy establish timelines for developing a federal agenda for cyber security research. GAO also recommends that OMB issue guidance to agencies for providing cyber security research data to repositories.