An audit report by the Department of Homeland Security’s Office of Inspector General found that the agency “has made progress” in a number of areas including sharing information with government and public scetor stakeholders, raising cybersecurity awareness and implementing cybersecurity education programs. The OIG report also found, however, that “significant work remains to address the open actions and recommendations and attain the goals outlined in the Strategy, National Infrastructure Protection Plan, and Comprehensive National Cybersecurity Initiative.”
Of particular note, the OIG found that DHS’ Office of Cybersecurity and Communications (CS&C) has not yet developed:
- A Strategic Implementation Plan To Achieve Its Cybersecurity Mission; and
- Performance Criteria and Metrics.
The report concludes:
The OIG audit report is attached below. OIGr_11-89_Jun11Without a strategic implementation plan, CS&C cannot prioritize its key activities or evaluate its progress in accomplishing its mission and goals, nor can it determine whether it is meeting its responsibilities outlined in the Strategy, NIPP, and CNCI. The use of performance metrics is a critical step in the risk management process to enable DHS and Sector-Specific Agencies to assess improvements in CIKR protection and resiliency at the national and sector levels objectively and qualitatively. Once CS&C has defined its responsibilities, priorities, and goals, it will be able to develop objective, quantifiable performance criteria and metrics to evaluate its progress and better support DHS’ efforts to secure cyberspace and protect CIKR.
Leave a Reply