GAO: Feds still lack security research agenda

The federal government does a lot of research and development work in information security, but its efforts still lack a coherent focus, according to a Government Accountability Office report.

The primary problem is that the government has not developed an overarching R&D agenda, the report states. Numerous agencies are actively researching security issues, but they are not coordinating their work. Those agencies also need to do a better job of sharing information about their research with one another and with industry, according to GAO.

"Until these issues are addressed, federal research for cybersecurity and information assurance may not keep pace with the increasing number of threats and vulnerabilities," GAO auditors wrote in the cover letter to their report, provided to Rep. Tom Davis (R-Va.), chairman of the House Government Reform Committee.

The idea of a research agenda stems from the National Strategy to Secure Cyberspace, published in 2003. According to that report, the federal government should develop a road map for addressing identified gaps in security research.

The 2003 report recommends looking at research requirements in three segments: near term (one to three years), midterm (three to five years) and long term (five years or more). GAO auditors are not so concerned about near-term efforts. But the lack of an agenda "increase[s] the risk that mid- and longer-term research priorities may not be achieved," the GAO report states.

GAO says agencies have made some progress in recent years. For example, they created an interagency working group to focus on security research and published a federal plan for guiding their research.

But that plan falls short of being the comprehensive agenda the government requires, auditors concluded. The agenda should outline specific milestones for conducting research, specify goals and measures for evaluating that work, and assign responsibilities for carrying it out.

GAO recommends that the director of the Office of Science and Technology Policy establish a timeline for developing such an agenda.

Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.