December 9, 2021

News

News Network

Critical Infrastructure Protection: CISA Should Assess the Effectiveness of its Actions to Support the Communications Sector

10 min read
<div>What GAO Found The Communications Sector is an integral component of the U.S. economy and faces serious physical, cyber-related, and human threats that could affect the operations of local, regional, and national level networks, according to the Department of Homeland Security's (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and sector stakeholders. Examples of Potential Security Threats to the Communications Sector In addition, CISA determined that the Communications Sector depends on other critical infrastructure sectors—in particular, the Energy, Information Technology, and Transportation Systems Sectors—and that damage, disruption, or destruction to any one of these sectors could severely impact the operations of the Communications Sector. CISA primarily supports the Communications Sector through incident management and information-sharing activities, such as coordinating federal activities to support the sector during severe weather events and managing cybersecurity programs, but has not assessed the effectiveness of these actions. For example, CISA has not determined which types of infrastructure owners and operators (e.g., large or small telecommunications service providers) may benefit most from CISA's cybersecurity programs and services or may be underrepresented participants in its information-sharing activities and services. By assessing the effectiveness of its programs and services, CISA would be better positioned to identify its highest priorities. CISA has also not updated the 2015 Communications Sector-Specific Plan, even though DHS guidance recommends that such plans be updated every 4 years. As a result, the current 2015 plan lacks information on new and emerging threats to the Communications Sector, such as security threats to the communications technology supply chain, and disruptions to position, navigation, and timing services. Developing and issuing an updated plan would enable CISA to set goals, objectives, and priorities that address threats and risks to the sector, and help meet its sector risk management agency responsibilities. Why GAO Did This Study The Communications Sector, one of 16 critical infrastructure sectors, is vital to the United States. Its incapacitation or destruction could have a debilitating impact on the safety and security of our nation. The private sector owns and operates the majority of communications infrastructure, including broadcast, cable, satellite, wireless, and wireline systems and networks. DHS's CISA is the lead federal agency responsible for supporting the security and resilience of the sector. GAO examined (1) the security threats CISA has identified to the sector, (2) how CISA supports the sector, and (3) the extent to which CISA has assessed its support and emergency preparedness for the sector. GAO reviewed DHS reports, plans, and risk assessments on the sector and interviewed CISA officials and private sector stakeholders to identify and evaluate CISA's actions to support the security and resilience of the Communications Sector.</div>

What GAO Found

The Communications Sector is an integral component of the U.S. economy and faces serious physical, cyber-related, and human threats that could affect the operations of local, regional, and national level networks, according to the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and sector stakeholders.

Examples of Potential Security Threats to the Communications Sector

In addition, CISA determined that the Communications Sector depends on other critical infrastructure sectors—in particular, the Energy, Information Technology, and Transportation Systems Sectors—and that damage, disruption, or destruction to any one of these sectors could severely impact the operations of the Communications Sector.

CISA primarily supports the Communications Sector through incident management and information-sharing activities, such as coordinating federal activities to support the sector during severe weather events and managing cybersecurity programs, but has not assessed the effectiveness of these actions. For example, CISA has not determined which types of infrastructure owners and operators (e.g., large or small telecommunications service providers) may benefit most from CISA’s cybersecurity programs and services or may be underrepresented participants in its information-sharing activities and services. By assessing the effectiveness of its programs and services, CISA would be better positioned to identify its highest priorities.

CISA has also not updated the 2015 Communications Sector-Specific Plan, even though DHS guidance recommends that such plans be updated every 4 years. As a result, the current 2015 plan lacks information on new and emerging threats to the Communications Sector, such as security threats to the communications technology supply chain, and disruptions to position, navigation, and timing services. Developing and issuing an updated plan would enable CISA to set goals, objectives, and priorities that address threats and risks to the sector, and help meet its sector risk management agency responsibilities.

Why GAO Did This Study

The Communications Sector, one of 16 critical infrastructure sectors, is vital to the United States. Its incapacitation or destruction could have a debilitating impact on the safety and security of our nation. The private sector owns and operates the majority of communications infrastructure, including broadcast, cable, satellite, wireless, and wireline systems and networks. DHS’s CISA is the lead federal agency responsible for supporting the security and resilience of the sector.

GAO examined (1) the security threats CISA has identified to the sector, (2) how CISA supports the sector, and (3) the extent to which CISA has assessed its support and emergency preparedness for the sector. GAO reviewed DHS reports, plans, and risk assessments on the sector and interviewed CISA officials and private sector stakeholders to identify and evaluate CISA’s actions to support the security and resilience of the Communications Sector.

More from:

News Network

  • Secretary Antony J. Blinken with Nike Nylander of Public Service Swedish Television
    In Crime Control and Security News
    Antony J. Blinken, [Read More…]
  • United States and ASEAN: A Billion Futures Across the Indo-Pacific
    In Crime Control and Security News
    Office of the [Read More…]
  • Justice Department Settles with North Carolina Dental Offices Over HIV Discrimination
    In Crime News
    The Justice Department announced today that it has reached a settlement to resolve a claim that Night and Day Dental Inc. discriminated against a woman with HIV in violation of the Americans with Disabilities Act (ADA). 
    [Read More…]
  • Defense Contractors: Information on Violations of Safety, Health, and Fair Labor Standards
    In U.S GAO News
    GAO's analysis of federal data found that about 1 percent of companies with Department of Defense (DOD) contracts were cited for willful or repeated safety, health, or fair labor violations in fiscal years 2015 through 2019. However, these data do not indicate whether the violations occurred while performing work related to a defense contract. Companies with DOD Contracts Cited for Willful or Repeated Violations under the Fair Labor Standards Act of 1938 or the Occupational Safety and Health Act of 1970, Fiscal Years 2015 through 2019 Because of limitations in available data, GAO could not determine the total incidence of willful or repeated violations of safety, health, or fair labor standards among all companies with a defense contract in this 5-year time frame. Specifically, about 43 percent of the Department of Labor's (Labor) safety and health violation data did not include key company identification numbers. These numbers are necessary to match federal contracting data to violation data. GAO recommended in February 2019 that Labor explore ways to address this issue. While Labor neither agreed nor disagreed with the recommendation, it issued a memorandum in May 2019 directing its Occupational Safety and Health Administration staff to make every reasonable effort to collect this information during inspections and enter it into its database. About 1 percent of Labor's data on fair labor violations were missing these key company identification numbers. The nature of the willful or repeated violations for companies with DOD contracts during fiscal years 2015 through 2019 varied. According to GAO's analysis of Labor data, the most frequently found willful or repeated safety and health violations related to toxic substances and machinery. For that same time frame, the most frequently found willful or repeated fair labor violations related to failure to pay overtime. The National Defense Authorization Act for Fiscal Year 2020 included a provision for GAO to report on the number of DOD contractors that Labor found to have committed willful or repeated violations under the Occupational Safety and Health Act of 1970 (OSH Act) or the Fair Labor Standards Act of 1938 (FLSA) for fiscal years 2015 through 2019. This report examines the number of DOD contractors that were cited for willful or repeated safety, health, or fair labor standards violations under the OSH Act or FLSA, and the nature of those violations for fiscal years 2015 through 2019. GAO analyzed federal contracting data to identify companies that had defense contracts in fiscal years 2015 through 2019, and matched them to Labor data on companies cited for willful or repeated safety, health, or fair labor standards violations. In addition, GAO used the Labor data to identify information on the nature of the violations. GAO also reviewed relevant federal laws and regulations, and agency documents. For more information, contact William T. Woods at (202) 512-4841 or woodsw@gao.gov, or Thomas Costa at (202) 512-7215 or costat@gao.gov.
    [Read More…]
  • Acting AG and Five Country Statement on the Temporary Derogation to the ePrivacy Directive to Combat Child Sexual Exploitation and Abuse
    In Crime News
    Acting Attorney General Jeffrey A. Rosen joined the Home Affairs, Interior, and Security Ministers of Australia, Canada, New Zealand, and the United Kingdom in issuing the following statement:
    [Read More…]
  • Sinaloa Cartel Money Launderer Sentenced to 10 Years in Prison
    In Crime News
    A money launderer for the Sinaloa Cartel was sentenced yesterday in the U.S. District Court for the Southern District of California to 10 years in prison and a $50,000 fine for laundering approximately $15 million from the sale of methamphetamine, cocaine, and heroin that were smuggled into the United States by the Sinaloa Cartel.
    [Read More…]
  • Guyana National Day
    In Crime Control and Security News
    Antony J. Blinken, [Read More…]
  • Readout of Acting Attorney General Monty Wilkinson, FBI Director Christopher Wray and Assistant to the President for Homeland Security Dr. Elizabeth Sherwood-Randall from the Funeral of FBI Special Agent Daniel Alfin
    In Crime News
    Acting United States Attorney General Monty Wilkinson, FBI Director Christopher Wray and President Joe Biden’s Homeland Security Advisor Dr. Elizabeth Sherwood-Randall represented the United States Government’s official delegation today at the funeral service for fallen FBI Special Agent Daniel Alfin in Fort Lauderdale, Florida. 
    [Read More…]
  • Priority Open Recommendations: Office of Science and Technology Policy
    In U.S GAO News
    What GAO Found As of June 2021, the Office of Science and Technology Policy (OSTP) had 11 open recommendations. We are identifying three recommendations from our prior work as priorities for implementation by OSTP. These three recommendations relate to strengthening interagency collaboration on science and technology issues. As the challenges of the 21st century grow, it is increasingly important for executive agencies to consider how the federal government can maximize performance and results through improved collaboration. Our prior work has shown that many issues, including those in science and technology, cut across multiple agencies. In this regard, OSTP plays a critical role in bringing agencies together under the committees and subcommittees of the National Science and Technology Council. This mechanism provides a valuable opportunity for agencies to coordinate on implementing an administration's research and development priorities and to address cross-cutting science and technology issues, such as scientific integrity, public access to federally funded research results, reliability of research results, supply chains for critical materials, and others. Strengthening interagency coordination in these areas could help amplify the synergistic effects of related research conducted by different agencies, avoid unnecessary overlapping or duplicative research and development efforts, and share lessons learned or coordinate actions to address science and technology issues. Why GAO Did This Study Priority open recommendations are the GAO recommendations that warrant priority attention from heads of key departments or agencies because their implementation could save large amounts of money; improve congressional and/or executive branch decision-making on major issues; eliminate mismanagement, fraud, and abuse; or ensure that programs comply with laws and funds are legally spent, among other benefits. Since 2015 GAO has sent letters to selected agencies to highlight the importance of implementing such recommendations. This is the first year that we are providing a priority recommendation letter to OSTP. For more information, contact John Neumann at (202) 512-6888 or neumannj@gao.gov.
    [Read More…]
  • Defense Budget: Opportunities Exist to Improve DOD’s Management of Defense Spending
    In U.S GAO News
    GAO's previous work has shown that a number of opportunities exist for the Department of Defense (DOD) to strengthen management of defense spending, which would help the department address the challenges it faces, especially in a constrained budget environment. These opportunities include: Improving budgeting execution of funds. DOD does not fully obligate the funds appropriated to it and can improve both its budgeting for and its use of the resources that are provided to it. For example, GAO found that DOD has left billions of dollars in appropriated amounts unspent over the past 10 fiscal years. Better estimating annual budget requirements and obligating appropriations provided by Congress within the period of availability established by Congress would help DOD minimize these cases of under-execution. More clearly determining future resource requirements related to overseas contingency operations. DOD and Congress need a clearer determination of DOD's future resource requirements, in particular how and whether to incorporate enduring Overseas Contingency Operations (OCO) costs—costs that will endure beyond ongoing contingency operations—into DOD's base budget. These costs could total tens of billions of dollars a year. However, few details exist as to what makes up these enduring costs or how they were derived, raising questions about how much should be included as future requirements. Reducing improper payments. Addressing improper payments—payments that should not have been made or were made in an incorrect amount—is an area where better financial management could save DOD billions of dollars. In its fiscal year 2020 agency financial report, DOD estimated that it paid about $11.4 billion in improper payments, or about 1.7 percent of all payments it made that year. DOD has taken steps to reduce improper payments in some areas, but DOD's estimates of its improper payments in other areas indicate more remains to be done. Sustaining and refining department-wide business reform efforts. DOD must transform its overall business operations so that it can more efficiently and effectively use its resources. In recent years, DOD reported notable achievements from its most recent department-wide business reform efforts, including $37 billion in savings from fiscal years 2017 to 2021 as a result of these efforts. However, GAO previously found that while DOD's reported savings were largely reflected in its budget materials, the analyses underlying these estimates were not always well documented and the savings were not always the result of business reform. Moreover, uncertainty about the leadership structure at DOD for overseeing and reforming business operations, including the recent elimination of the Chief Management Officer position, calls into question whether efforts to fundamentally transform how the department does business can be realized and sustained. GAO has previously highlighted the importance of DOD providing clear department-wide guidance on roles, responsibilities, authorities, and resources for business reform efforts will be necessary for DOD to make progress in these efforts. Decisions by DOD and Congress regarding long-term defense needs will have a meaningful impact on the nation's fiscal future. As the single largest category of discretionary spending, defense spending is likely to play a large role in any discussion of future federal spending. GAO and others have found that DOD faces challenges that are likely to put pressure on its budget moving forward. DOD is the only major federal agency that has been unable to receive a clean audit opinion on its financial statements. This testimony provides information on how DOD can better manage defense spending, specifically related to its ability to (1) accurately estimate its budgetary requirements and execute its appropriated funds, (2) determine resource requirements related to overseas contingency operations, (3) reduce improper payments, and (4) sustain and refine department-wide reform efforts. For this testimony, GAO reviewed and summarized its recent work on DOD budget and financial management issues and departmental reform efforts. In prior work on which this testimony is based, GAO made recommendations that DOD take steps to better estimate its annual budget requirements and future fiscal needs for OCO, reduce improper payments, and refine and formalize its departmental reform efforts. DOD generally concurred with these recommendations and is working toward implementing them. For more information, contact Elizabeth A. Field at (202) 512-2775 or fielde1@gao.gov.
    [Read More…]
  • Four Former Minneapolis Police Officers Indicted on Federal Civil Rights Charges for Death of George Floyd; Derek Chauvin Also Charged in Separate Indictment for Violating Civil Rights of a Juvenile
    In Crime News
    A federal grand jury in Minneapolis, Minnesota returned two indictments that were unsealed today. The first indictment charges former Minneapolis Police Department officers Derek Chauvin, 45; Tou Thao, 35; J. Alexander Kueng, 27; and Thomas Lane, 38, with federal civil rights crimes for their roles in the death of George Perry Floyd Jr.
    [Read More…]
  • The United States Urges an End to Violent Demonstrations in Honiara, Solomon Islands
    In Crime Control and Security News
    Ned Price, Department [Read More…]
  • Mail-Order Diabetic Testing Supplier and Parent Company Agree to Pay $160 Million to Resolve Alleged False Claims to Medicare
    In Crime News
    Arriva Medical LLC (Arriva), at one point the nation’s largest Medicare mail-order diabetic testing supplier, and its parent, Alere Inc. (Alere), have agreed to pay $160 million to resolve allegations that they violated the False Claims Act.
    [Read More…]
  • Fiscal Year 2022 Budget Request: U.S. Government Accountability Office
    In U.S GAO News
    In fiscal year (FY) 2020, GAO's work yielded $77.6 billion in financial benefits, a return of about $114 for every dollar invested in GAO. We also identified 1,332 other benefits that led to improved services to the American people, strengthened public safety, and spurred program and operational improvements across the government. In March 2021, GAO reported on 36 areas designated as high risk due to their vulnerabilities to fraud, waste, abuse, and mismanagement or because they face economy, efficiency, or effectiveness challenges. In FY 2020 GAO's High Risk Series products resulted in 168 reports, 26 testimonies, $54.2 billion in financial benefits, and 606 other benefits. In this year of GAO's centennial, GAO's FY 2022 budget request seeks to lay the foundation for the next 100 years to help Congress improve the performance of government, ensure transparency, and save taxpayer dollars. GAO's fiscal year (FY) 2022 budget requests $744.3 million in appropriated funds and uses $50.0 million in offsets and supplemental appropriations. These resources will support 3,400 full-time equivalents (FTEs). We will continue our hiring focus on boosting our Science and Technology and appropriations law capacity. GAO will also maintain entry-level and intern positions to address succession planning and to fill other skill gaps. These efforts will help ensure that GAO recruits and retains a talented and diverse workforce to meet the priority needs of the Congress. In FY 2022, we will continue to support Congressional oversight across the wide array of government programs and operations. In particular, our science and technology (S&T) experts will continue to expand our focus on rapidly evolving (S&T) issues. Hallmarks of GAO's (S&T) work include: (1) conducting technology assessments at the request of the Congress; (2) providing technical assistance to Congress on science and technology matters; (3) continuing the development and use of technical guides to assess major federal acquisitions and technology programs in areas such as technology readiness, cost estimating, and schedule planning; and (4) supporting Congressional oversight of federal science programs. With our requested funding, GAO will also bolster capacity to review the challenges of complex and growing cyber security developments. In addition, GAO will continue robust analyses of factors behind rising health care costs, including costs associated with the ongoing COVID-19 Pandemic. Internally, the funding requested will make possible priority investments in our information technology that include the ability to execute transformative plans to protect data and systems. In FY 2022 GAO will continue to implement efforts to increase our flexibility to evolve IT services as our mission needs change, strengthen information security, increase IT agility, and maintain compliance. We will increase speed and scalability to deliver capabilities and services to the agency. This request will also help address building infrastructure, security requirements, as well as tackle long deferred maintenance, including installing equipment to help protect occupants from dangerous bacteria, viruses, and mold. As reported in our FY 2020 financial statements, GAO's backlog of deferred maintenance on its Headquarters Building had grown to over $82 million as of fiscal year-end. Background GAO's mission is to support Congress in meeting its constitutional responsibilities and to help improve the performance and ensure the accountability of the federal government for the benefit of the American people. We provide nonpartisan, objective, and reliable information to Congress, federal agencies, and to the public, and recommend improvements across the full breadth and scope of the federal government's responsibilities. In fiscal year 2020. GAO issued 691 products, and 1,459 new recommendations. Congress used our work extensively to inform its decisions on key fiscal year 2020 and 2021 legislation. Since fiscal year 2000, GAO's work has resulted in over: $1.2 trillion dollars in financial benefits; and 25,328 program and operational benefits that helped to change laws, improve public services, and promote sound management throughout government. As GAO recognizes 100 years of non-partisan, fact-based service, we remain committed to providing program and technical expertise to support Congress in overseeing the executive branch; evaluating government programs, operations and spending priorities; and assessing information from outside parties. For more information, contact Gene L. Dodaro at (202) 512-5555 or dodarog@gao.gov.
    [Read More…]
  • Secretary Antony J. Blinken and OECD Secretary-General Mathias Cormann at a Joint Press Availability
    In Crime Control and Security News
    Antony J. Blinken, [Read More…]
  • Secretary Antony J. Blinken at a Ceremony to Commemorate the 20th Anniversary of the September 11, 2001 Terrorist Attacks
    In Crime Control and Security News
    Antony J. Blinken, [Read More…]
  • Readout of Acting CT Coordinator Godfrey’s Travel to Malta
    In Crime Control and Security News
    Office of the [Read More…]
  • Medical Device Company Arthrex to Pay $16 Million to Resolve Kickback Allegations
    In Crime News
    More from: November 8, [Read More…]
  • How Common Sense and Hard Work Saved Taxpayers
    In Human Health, Resources and Services
    Imagine you manage a [Read More…]
  • Special Operations Forces: DOD’s Report to Congress Generally Addressed the Statutory Requirements but Lacks Detail
    In U.S GAO News
    What GAO Found GAO found that the Department of Defense’s (DOD) report to Congress on special operations forces (SOF) and U.S. Special Operations Command (SOCOM) addressed or partially addressed each of the eight mandated reporting elements, but did not include additional details on the analysis that underpins the department’s conclusions on several reporting elements. Specifically:  Reporting Element 1: The organizational structure of SOCOM and each subordinate component. The report partially addressed this by concluding that the organizational structure of SOCOM is adequate to meet current assigned roles and responsibilities. The report does not provide analysis to justify how the department reached that conclusion. Reporting Element 2: The policy and civilian oversight structures for SOF within DOD. The report partially addressed this by concluding that the oversight and statutory structures and responsibilities meets statutory and assigned oversight responsibilities. The report does not discuss the alignment of resources, including human capital, as it pertains to the offices with oversight responsibilities.  Reporting Element 3: The roles and responsibilities of SOCOM and SOF under Title 10 of the U.S. Code. The report addressed this by concluding that SOCOM and SOF have sufficient statutory authorities to accomplish their roles and responsibilities under section 167 of title 10, United States Code. Reporting Element 4: The current and future special operations-peculiar requirements of the geographic combatant commands and the Theater Special Operations Commands.The report partially addressed this by concluding that current and future special-operations peculiar requirements can be met with current and planned resources.  The report does not specify the GAO found that the Department of Defense’s (DOD) report to Congress on special operations forces (SOF) and U.S. Special Operations Command (SOCOM) addressed or partially addressed each of the eight mandated reporting elements, but did not include additional details on the analysis that underpins the department’s conclusions on several reporting elements. Reporting Element 5: The command relationships between SOCOM, its subordinate component commands, and the geographic combatant commands. The report partially addressed this by concluding that command relationships are adequate. The report includes information on the relationships between SOCOM, the geographic combatant commands, and the Theater Special Operations Commands, but does not discuss command relationships between SOCOM and its service component commands Reporting Element 6: The funding authorities, uses, acquisition processes, and civilian oversight mechanisms of Major Force Program-11. The report addressed this by concluding that these elements of Major Force Program-11 funding, which is used to organize, train, and equip forces to conduct special operations missions and acquire or modify service common systems for special operations when there is no broad conventional force need, are adequate and by including information on the budget development process and uses of Major Force Program-11 funding. The report also addressed the resolution of resourcing disputes between SOCOM and the services; DOD’s assessment of funding authorities and overseas contingency operations requirements; and civilian oversight mechanisms for Major Force Program-11 funding. Reporting Element 7: Changes to areas such as structure, authorities, and oversight mechanisms assumed in the 2014 Quadrennial Defense Review. The report partially addressed this by concluding that the structure, authorities, Major Force Program-11 funding, roles, and responsibilities are adequate. However, the report does not provide justification on how the department reached that conclusion.  Reporting Element 8: Any other matters the Secretary of Defense determined appropriate to ensure a comprehensive review and assessment. The report addressed this by including information on suicide prevention, health, and family readiness programs, and on initiatives to enhance the professionalization of SOF. Why GAO Did This Study Since 2001, DOD has deployed SOF to conduct a range of military operations, particularly in Afghanistan and Iraq. To meet an increase in operational demands for SOF, DOD has increased SOCOM’s funding and SOF force levels. DOD strategic guidance indicates that SOF will continue to play a prominent role in support of the defense strategy. The National Defense Authorization Act for Fiscal Year 2014 (the Act), Section 1086, required the Secretary of Defense to submit to the congressional defense committees a report on SOF organization, capabilities, structure, and oversight. The Act further mandated GAO to submit to the congressional defense committees an evaluation of the DOD report no later than 60 days after the issuance of the DOD report. GAO examined the extent to which DOD’s report addressed the mandated reporting elements. To address this objective, GAO analyzed the Act to identify the reporting elements, assessed DOD’s report to determine whether each of the eight mandated reporting elements were addressed, and interviewed DOD officials.
    [Read More…]

Crime

Network News © 2005 Area.Control.Network™ All rights reserved.