The GAO is the long standing hero in the struggle to get the US Federal computer systems up to snuff. The Government Accounting Office has been issuing flunking grades to government agencies for years. In testimony yesterday they said the Department of Homeland Security was failing to protect the nation's cyber infrastructure. As usual the GAO had lots of good advice such as:
* Develop a generally accepted methodology to strategically analyze cyberthreats and warn against them.
* Create a more detailed strategy to better protect the IT-dependent control systems for critical infrastructure with the private sector.
* Establish metrics, policies and procedures to improve information sharing with the private sector.
* Finish threat and vulnerability assessments for each sector of infrastructure.
This is Security 101 stuff. And I guess the GAO is not the one to suggest even stronger measures. But at some point there will have to be a tactical response capability within the DHS. That is the ability to detect and deter cyber assailants. See my Barbary Coast Pirates post from last week.