New report says federal government lacks comprehensive cybersecurity strategy

A new watchdog report is revealing the federal government still lacks a comprehensive strategy to protect critical infrastructure against cyber-attacks, despite years of calls for recommended changes.

According to the report from the U.S. Government Accountability Office (GAO), the agency has made around 335 public recommendations to improve cybersecurity protections since 2010, but the federal government still hasn’t implemented more than half of those recommendations as of last month.

“Until the federal government fully develops and implements a comprehensive national strategy, it will not have a clear roadmap for overcoming the cyber challenges facing our nation,” the report said.

Major systems are at risk of cyber attacks.

“Our energy, healthcare and financial systems, they all face cyber risks from malicious actors,” Marisol Cruz Cain, a Director in the Information Technology and Cybersecurity Team for GAO said. “Attacks like these could cause serious harm to people, our environment, national security and most importantly our economy.”

The report points to concerns with a cybersecurity workforce shortage and said federal agencies need to do a better job of securing internet-connected devices.

“Phones, connected refrigerators, televisions, apps that you have on your phone, and what we’ve been asking the federal government to do is come up with a comprehensive plan as to protect the security of those devices,” Cain said.

The government is continuing to work on making these recommended changes, according to the report.

“As of August 2022, according to the Office of the National Cyber Director, the development of a national cybersecurity strategy by the administration is underway,” the report said. “The office noted that it is obtaining feedback on the strategy from many other federal entities, including the National Security Council, on this effort.”