We reported earlier this month on comments from President Barack Obama at his annual State of the Union address, in which the commander-in-chief explained his cybersecurity executive order. That initiative aims to align data between public and private entities in the battle against cyberterrorism.
Now, one government agency has implored the White House to develop a fresh framework for its government IT security infrastructure. The Government Accountability Office released an exhaustive report, titled “Cybersecurity: National Strategy, Roles, and Responsibilities Need to Be Better Defined and More Effectively Implemented,” that dove into the subject.
A GAO analysis found that the number of cybersecurity incidents reported to the U.S. Computer Emergency Readiness Team has increased by 782 percent over the past six years. More than 48,000 such incidents were reported last year, up from around 43,000 in 2011 and significantly higher than the 5,500 reported in 2006.
The report noted that the federal government has not adequately established benchmarks for success, defined roles and responsibilities, and a system for evaluating and resourcing costs related to cybersecurity.
“GAO recommends that the White House Cybersecurity Coordinator develop an overarching federal cybersecurity strategy that includes all key elements of the desirable characteristics of a national strategy,” the report said. “Such a strategy would provide a more effective framework for implementing cybersecurity activities and better ensure that such activities will lead to progress in cybersecurity.”
Though the GAO analysis revealed considerable gaps in the federal government’s security strategy, the evaluation is an important first step toward a stronger unified approach. It’s an example merchants can learn from, and support from experienced card processing software providers can help these retailers evaluate their own security strategies to ensure compliance with best practices and regulations required by the Payment Card Industry Data Security Standard (PCI DSS).