Federal Cybersecurity Practices Scrutinized At U.S. House Subcommittee Hearing

King & Spalding

On July 25, 2018, the Subcommittees on Government Operations and Information Technology of the U.S. House of Representatives Oversight and Government Reform Committee (the “Committee”) held a joint hearing entitled “GAO High Risk Focus: Cybersecurity,” with Gene Dodaro, Comptroller General of the Government Accountability Office (“GAO”), and Suzette Kent, Federal Chief Information Officer at the Office of Management and Budget (“OMB”), testifying as witnesses. 

The main purpose of the hearing was to review the GAO’s recent report on existing cybersecurity challenges facing the federal government and its recommendations for addressing them, as well as the Administration’s plan of action. The GAO report highlighted that, since 2010, the GAO has made over 3,000 federal government cybersecurity recommendations, and approximately 1,000 of them still need to be implemented by various federal agencies and entities. This fact was not lost on the subcommittee leaders, with Ranking Member of the Information Technology Subcommittee Rep. Robin Kelly (D-IL) noting that “the Trump administration’s plans failed to include basic components needed to carry out a national strategy for protecting critical cyber infrastructure.” Information Technology Subcommittee Chairman Hurd (R-TX) echoed Ms. Kelly’s concerns regarding the 1,000 outstanding recommendations, stating: “It’s not acceptable given the threat we face. These open, lingering vulnerabilities put us at incredible risk as we saw with the devastating data breaches at OPM.”

In his testimony, Mr. Dodaro touched on each of the four major cybersecurity challenges identified in GAO’s latest report:

  • Establishing a comprehensive cybersecurity strategy and performing effective oversight;
  • Securing federal systems and information;
  • Protecting cyber critical infrastructure; and
  • Protecting privacy and sensitive data.

He also highlighted the need to move faster to address these challenges, stating that he didn’t “think that the federal government’s moving at a pace commensurate with the evolving threat in this area.” Ms. Kent, the OMB witness, emphasized the Administration’s focus on addressing federal cybersecurity threats, noting that 37 of the 52 federal information technology modernization tasks identified in the President’s May 2017 Executive Order have been implemented, with the remainder to be completed by the end of the year. However, she also recognized that “there’s still much to do,” especially in the areas of agency cybersecurity risk identification and mitigation. Members in attendance expressed particular interest in federal agencies’ self-reporting practices with respect to information security control assessments. In response, Ms. Kent noted that she has been working with GAO to identify ways in which OMB could automatically extract the relevant data directly from agencies, rather than rely on the existing self-reporting mechanisms. 

We will continue to monitor the Committee’s activities on these issues and provide updates on any significant developments.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© King & Spalding | Attorney Advertising
