In a study conducted to update its identification of information security risk areas, the Government Accountability Office (“GAO”) identified four primary cybersecurity challenges and ten corresponding actions that the federal government and other entities must undertake to address them.
The four challenges are (i) establishing a comprehensive cybersecurity strategy and performing effective oversight, (ii) strengthening federal systems and information, (iii) safeguarding cyber critical infrastructure, and (iv) protecting privacy and sensitive data.
The four actions needed to address the first challenge are:
- developing a more exhaustive federal strategy for national cybersecurity;
- mitigating global supply chain risks;
- addressing cybersecurity workforce management challenges (since the federal government has difficulty ensuring that the nation’s cybersecurity workforce has the necessary skills); and
- ensuring the security of emerging technologies (such as artificial intelligence and the Internet of Things).
The three actions outlined to deal with the second challenge are:
- improving the implementation of government-wide cybersecurity initiatives;
- addressing weaknesses in federal agency information security programs; and
- bolstering the federal response to cyber incidents.
To confront the third challenge, the GAO identified the need for a more robust federal role in protecting the cybersecurity of critical infrastructure (such as electricity grids and telecommunications networks).
With regard to tackling the fourth challenge, the GAO called for improving federal efforts to protect privacy and sensitive data, limiting the collection and use of personal information, and ensuring that personal information is obtained with appropriate knowledge or consent.
Since 2010, the GAO has made over 3,000 recommendations to federal agencies on mitigating cybersecurity weaknesses. As of July 2018, approximately 1,000 recommendations still needed to be implemented.