Of the 24 cybersecurity recommendations outlined in the review, only two have been fully implemented, the GAO said in its report.
The two fully implemented recommendations are the appointments of a Special Assistant to the President and Cybersecurity Coordinator responsible for coordinating the nation’s cybersecurity policies and a privacy and civil liberties official.
“Officials from key agencies involved in these cybersecurity efforts…attribute the partial implementation status of the 22 recommendations in part to the fact that agencies are moving slowly because they have not been assigned roles and responsibilities with regard to recommendation implementation. Specifically, although the policy review report calls for the cybersecurity policy official to assign roles and responsibilities, agency officials stated they have yet to receive this tasking and attribute this to the fact that the cybersecurity policy official position was vacant for 7 months”, the GAO report said.
The GAO recommended that the White House designate roles and responsibilities for agencies and develop milestones to measure implementation of the remaining recommendations.
“Until roles and responsibilities are made clear and the schedule and planning shortfalls...are adequately addressed, there is increased risk the recommendations will not be successfully completed, which would unnecessarily place the country’s cyber infrastructure at risk”, the report warned.