[ISN] Cybersecurity program has serious defects, GAO says

[InfoSec News]

http://gcn.com/articles/2010/03/08/cnci-assessment-030810.aspx

By William Jackson
GCN.com
March 08, 2010

Implementing the Comprehensive National Cybersecurity Initiative, a 
broad program intended to protect the nation.s cyber infrastructure, has 
been hampered by a lack of coordination and transparency, according to 
the Government Accountability Office.

"CNCI is unlikely to fully achieve its goal of reducing potential 
vulnerabilities, protecting against intrusion attempts, and anticipating 
future threats to federal information systems unless roles and 
responsibilities for cybersecurity activities across the federal 
government are more clearly defined and coordinated," the GAO concluded 
in a November briefing to the staff of the House Armed Services 
subcommittee on Terrorism, Unconventional Threats and Capabilities.

The GAO also concluded that too much of the initiative, which was 
spelled out in National Security Presidential Directive 54 and Homeland 
Security Presidential Directive 23, has remained classified.

"Since the approval of NSPD-54/HSPD-23, few elements of CNCI have been 
made public," the GAO briefing said. "While certain aspects and details 
of CNCI must necessarily remain classified, the lack of transparency 
regarding CNCI projects hinders accountability to Congress and the 
public. In addition, current classification may make it difficult for 
some agencies, as well as the private sector, to interact and contribute 
to the success of CNCI projects."

[...]