Despite recent efforts to enhance its cybersecurity capabilities, the Defense Department lacks the ability to meet current cybersecurity threats and the means to keep up with future threats, according to a new report by the General Accounting Office.
The report states that DOD’s decentralized approach to cybersecurity, including a lack of unified policy, has been a primary reason why the DoD has not been able to protect the nation’s critical infrastructure.
“DOD has identified some cyberspace capability gaps, but it has not completed a comprehensive, department-wide assessment of needed resources, capability gaps, and an implementation plan to address any gaps,” the report stated.
While the DoD is currently addressing these issues, including the establishment of the U.S. Cyber Command to integrate operations, there is still no established method to address cybersecurity operations. There are also insufficient discussions on cybersecurity and no timetable for updating existing doctrines or decision-making processes, the report stated.
The U.S. Strategic Command has identified that the DOD’s cyber workforce is “undersized and unprepared to meet the current threat, which is projected to increase significantly over time,” the report stated. Making the problem worse is the fact the Defense Department has not created a funding strategy to address cybersecurity issues.
The GAO made numerous recommendations to the DoD in the report including:
- Evaluate how it is organized to address cybersecurity threats
- Assess the extent to which it has developed joint doctrine that addresses cyberspace operations
- Examine how it assigns command and control responsibilities
- Determine how it identifies and acts to mitigate key capability gaps involving cyberspace operations