U.S. cybersecurity R&D needs a master plan

United States doesn't have prioritized national cybersecurity research and development agenda, GAO says

The federal government’s cybersecurity research and development programs lack needed leadership and coordination, according to government auditors.

According to the Government Accountability Office, the government doesn’t have a prioritized national cybersecurity research and development agenda. Officials also don't have the ability to track all active and completed cybersecurity programs and a process to sufficiently share key information between government and industry, auditors wrote in a report released today.

“Without a current national cybersecurity R&D agenda, the nation is at risk that agencies and private sector companies may focus on their individual priorities, which may not be the most important national research priorities,” auditors wrote.

GAO said although the White House’s Office of Science and Technology Policy (OSTP) and its multi-agency coordination body named the Subcommittee on Networking and Information Technology Research and Development (NITRD) have recently tried to improve coordination, key problems remain. The lack of a national agenda makes it more likely that programs won’t reflect national priorities, important decisions will be postponed, and agencies will lack overall direction, GAO said.


Related stories

National Cybersecurity Initiative R&D effort launched

A House insider's view of U.S. cybersecurity policy


To fix the problems, the auditors recommended that the head of OSTP and the White House’s cybersecurity coordinator direct NITRD to:

  • Develop a comprehensive national R&D agenda that contains priorities for short-term, mid-term, and long-term complex cybersecurity R&D, input from industry and academia, and is consistent with an updated national cybersecurity strategy.
  • Tell the cybersecurity coordinator about shortages in the cybersecurity field so that information can be used to update the national cybersecurity strategy to correct personnel weaknesses.
  • Work with Office of Management and Budget to develop a way to keep track of all ongoing and completed federal cybersecurity R&D projects and their funding.
  • Use that new tracking mechanism to develop an ongoing process to make federal R&D information available to agencies and industry.

Officials from OMB and OSTP said they believe an agenda is contained in existing documents, according to GAO. However, the auditors said the documents are either outdated or lack appropriate detail.

In response, the science office wrote, “While [OSTP] cannot concur with certain of the findings in [the report], current OSTP actions and plans are in line with GAO’s Recommendations for Executive Action and [OSTP] can fully support these recommendations.”

 

About the Author

Ben Bain is a reporter for Federal Computer Week.

Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.