In a report issued last Friday, the GAO addressed the Comprehensive National Cyber Security Initiative (CNCI), which is a highly secretive initiative launched by the Bush administration in early 2008. The Office was asked to investigate how different federal agencies have been pulled together to plan and coordinate CNCI activities. It was also requested to identify the challenges faced by the initiative into achieving its objectives.
In a report entitled Cybersecurity: Progress Made but Challenges Remain in Defining and Coordinating the Comprehensive National Initiative, the GAO identified several critical challenges.
"Federal agencies have overlapping and uncoordinated responsibilities for cybersecurity, and it is unclear where the full responsibility for coordination lies," the GAO said. This will not please Howard Schmidt, who was appointed US cybersecurity czar almost a whole quarter ago in late December. It is his job to coordinate the federal cybersecurity efforts, and get all agencies working together.
The report also identified shortcomings in measurement processes that would evaluate the CNCI's success, adding that this was not for want of available mechanisms. "While federal agencies have begun to develop effectiveness measures for information security, these have not yet been applied to the initiative," it warned.
The GAO also criticized the level of opacity surrounding the CNCI, adding that the rationale for classifying related information remains unclear. This makes it difficult to coordinate efforts with private sector organizations, which has become a critical part of the Obama administration's cybersecurity drive.
It is still not even clear how much each CNCI should address public education on cybersecurity, the report complained, before outlining other challenges that go beyond the initiative. "The federal government does not have a formal strategy for coordinating outreach to international partners for the purposes of standards setting, law enforcement, and information sharing," it warned. Secondly, federal identity management and authentication mechanisms remain a "significant governmentwide challenge".