The latest entity to call for a coordinator for governmentwide cybersecurity efforts is the Government Accountability Office. In a recent report, it calls on Congress to establish a national cyber coordinator position in the White House.
Nick Marinos, Director of Information Technology and Cybersecurity at GAO, explained that because cyber threats affect everyone, the federal government must take a whole-of-government approach and “coordinate within itself and with the private sector, the state and local governments to really overcome the issues.”
The two goals of the GAO report, Marinos said, were to inform Congress and the American people about how many agencies are involved in protecting the nation from cyber threats, and to look at whether the federal government is implementing a national strategy to address these threats.
The report found 23 entities were responsible for improving national cybersecurity. It also found that, while the White House’s National Cyber Strategy and the National Security Council’s Implementation Plan did have some positives, they also fell short in multiple areas.
Marinos said the GAO’s recommendation “emphasized the importance of having reach across the federal government” for a central cyber coordinator role. This would include influence over budgets and influence on the measurement of progress with implementation of the strategy.
The pandemic has also highlighted the impact cyber threats have on national crises, Marinos explained. “In order for us to be able to get to a vaccine, or for tests to be effectively provided and administered, you need systems to be well-protected … in order to do that, we think it’s important, not only for this administration but future administrations in perpetuity, to have a central authority identified within the White House.”
GAO has been talking about cybersecurity as a major issue area for “nearly the last two decades,” Marinos pointed out, saying, “we think that a central leader is essential to get to that accountability, to ultimately not only address what the strategy says today, but … cyber threats are continually evolving, becoming more sophisticated, so that strategy and implementation has to be updated on a continual basis.”