Cyberspace:

United States Faces Challenges in Addressing Global Cybersecurity and Governance

GAO-10-606, Jul 2, 2010

Additional Materials:

Contact:

David A. Powner
(202) 512-9286
contact@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

Recent foreign-based intrusions on the computer systems of U.S. federal agencies and commercial companies highlight the vulnerabilities of the interconnected networks that comprise the Internet, as well as the need to adequately address the global security and governance of cyberspace. Federal law and policy give a number of federal entities responsibilities for representing U.S. cyberspace interests abroad, in collaboration with the private sector. More recently, the President appointed a national Cybersecurity Coordinator charged with improving the nation's cybersecurity leadership. GAO was asked to identify (1) significant entities and efforts addressing global cyberspace security and governance issues, (2) U.S. entities responsible for addressing these issues and the extent of their involvement at the international level, and (3) challenges to effective U.S. involvement in global cyberspace security and governance efforts. To do this, GAO analyzed policies, reports, and other documents and interviewed U.S. government and international officials and experts from over 30 organizations.

There are a number of key entities and efforts with significant influence on international cyberspace security and governance. The organizations range from information-sharing forums that are nondecision-making gatherings of experts to private organizations to treaty-based, decision-making bodies founded by countries. Their efforts include those to address topics such as incident response, technical standards, and law enforcement cooperation. For example, the International Organization for Standardization is a nongovernmental organization that develops and publishes international standards, including those related to cybersecurity, through a consensus-based process involving a network of the national standards bodies of 162 countries. A number of U.S. federal entities have responsibilities for, and are involved in, international cyberspace governance and security efforts. Specifically, the Departments of Commerce, Defense, Homeland Security, Justice, and State, among others, are involved in efforts to develop international standards, formulate cyber-defense policy, facilitate overseas investigations and law enforcement, and represent U.S. interests in international forums. Federal entities have varying roles among organizations and efforts with international influence over cyberspace security and governance, including engaging in bilateral and multilateral relationships with foreign countries, providing personnel to foreign agencies, leading or being a member of a U.S. delegation, coordinating U.S. policy with other U.S. entities through the interagency process, or attending meetings. The global aspects of cyberspace present key challenges to U.S. policy. Until these challenges are addressed, the United States will be at a disadvantage in promoting its national interests in the realm of cyberspace. GAO recommends that the national Cybersecurity Coordinator address challenges including developing a comprehensive national global cyberspace strategy. The national Cybersecurity Coordinator and his staff generally concurred with the recommendations and stated that actions are already being taken.

Status Legend:

More Info
  • Review Pending-GAO has not yet assessed implementation status.
  • Open-Actions to satisfy the intent of the recommendation have not been taken or are being planned, or actions that partially satisfy the intent of the recommendation have been taken.
  • Closed-implemented-Actions that satisfy the intent of the recommendation have been taken.
  • Closed-not implemented-While the intent of the recommendation has not been satisfied, time or circumstances have rendered the recommendation invalid.
    • Review Pending
    • Open
    • Closed - implemented
    • Closed - not implemented

    Recommendations for Executive Action

    Recommendation: To address the challenges identified, the Special Assistant to the President and Cybersecurity Coordinator, in collaboration with other federal entities and the private sector, should establish, with DHS, the Department of State, and other key U.S. and international governmental and nongovernmental entities, protocols for working on cyber incident response globally in a manner that is consistent with our national security interests.

    Agency Affected: Executive Office of the President: Office of the Chief of Staff: Office of the National Security Advisor: Office of the Chief of Staff: Cybersecurity

    Status: Review Pending

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: To address the challenges identified, the Special Assistant to the President and Cybersecurity Coordinator, in collaboration with other federal entities and the private sector, should enhance the interagency coordination mechanisms, including the Information and Communications Infrastructure Interagency Policy Committee (ICI-IPC), by ensuring relevant federal entities are engaged and that their efforts, taken together, support U.S. interests in a coherent and consistent fashion.

    Agency Affected: Executive Office of the President: Office of the Chief of Staff: Office of the National Security Advisor: Office of the Chief of Staff: Cybersecurity

    Status: Review Pending

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: To address the challenges identified, the Special Assistant to the President and Cybersecurity Coordinator, in collaboration with other federal entities and the private sector, should Develop with the Departments of Commerce, Defense, Homeland Security, Justice, and State and other relevant federal and nonfederal entities, a comprehensive U.S. global cyberspace strategy that (1) articulates overarching goals, subordinate objectives, specific activities, performance metrics, and reasonable time frames to achieve results; (2) addresses technical standards and policies while taking into consideration U.S. trade; and (3) identifies methods for addressing the enforcement of U.S. civil and criminal law.

    Agency Affected: Executive Office of the President: Office of the Chief of Staff: Office of the National Security Advisor: Office of the Chief of Staff: Cybersecurity

    Status: Review Pending

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: To address the challenges identified, the Special Assistant to the President and Cybersecurity Coordinator, in collaboration with other federal entities and the private sector, should make recommendations to appropriate agencies and interagency coordination committees regarding any necessary changes to more effectively coordinate and forge a coherent national approach to cyberspace policy

    Agency Affected: Executive Office of the President: Office of the Chief of Staff: Office of the National Security Advisor: Office of the Chief of Staff: Cybersecurity

    Status: Review Pending

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: To address the challenges identified, the Special Assistant to the President and Cybersecurity Coordinator, in collaboration with other federal entities and the private sector, should determine, in conjunction with the Departments of Defense and State and other relevant federal entities, which, if any, cyberspace norms should be defined to support U.S. interests in cyberspace and methods for fostering such norms internationally.

    Agency Affected: Executive Office of the President: Office of the Chief of Staff: Office of the National Security Advisor: Office of the Chief of Staff: Cybersecurity

    Status: Review Pending

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Feb 20, 2013

    Feb 1, 2013

    Sep 27, 2012

    Sep 18, 2012

    Aug 20, 2012

    Jul 17, 2012

    Jun 28, 2012

    Apr 24, 2012

    Feb 28, 2012

    Nov 8, 2011

    Looking for more? Browse all our products here