These are difficult days on the cybersecurity front. On Monday, GAO released a report, Defense Department Cyber Efforts: DOD Faces Challenges In Its Cyber Activities, which raised questions about whether Defense can fully address cyber threats. And just last Friday, over at the Department of Homeland Security, US-CERT Director Randy Vickers abruptly resigned, leaving a key vacancy at the organization in charge of responding to and preventing cyberattacks and sharing information with critical government partners and stakeholders.
In its report, GAO noted that Defense has taken critical steps to address cybersecurity. It stated that it is too soon to determine if those efforts are effective and recommended the department:
- Evaluate how it is organized to address cybersecurity threats;
- Assess the extent to which it has developed joint doctrine that addresses cyberspace operations;
- Examine how it assigned command and control responsibilities; and
- Determine how it identifies and acts to mitigate key capability gaps involving cyberspace operations.
At DHS, little is being said about Vickers' departure. An email released from Acting Assistant Secretary for Cybersecurity and Communications Bobbie Stempfley merely stated "We are confident that our organization will continue its strong performance under his leadership" and wished Vickers well.
As the government attempts to tackle an increasingly noisy and active cybersecurity space, these developments may slow the progress being made in developing a comprehensive approach to cyber. DoD is increasingly positioning itself as a governmental leader on the cyber front. Maybe getting its house in order in accordance with the GAO suggestions would help bolster its place among the cyber leaders in government. Or, alternatively, it could dampen much of the excitement some have had about DoD taking on of tasks in that space.
The departure of Vickers may have little effect on DHS' efforts, unless the coming days reveal that there is more to the story. It does demonstrate, however, the constant turnover on the cyber front within the government. Recruiting and keeping effective talent, even at the senior levels, remains an issue that potentially hinders efforts to move forward on cybersecurity.