Agencies haven't gauged critical infrastructure cybersecurity thoroughly, says GAO

Fifth Domain: Though most U.S. critical infrastructure sectors have taken actions to adopt the National Institute of Standards and Technology’s (NIST) Framework for Improving Critical Infrastructure Cybersecurity, sector-specific agencies responsible for developing guidance failed to develop adequate measures for framework adoption within their cluster, a Feb. 15, 2018, Government Accountability Office report found.

“None of the SSAs had measured the cybersecurity framework’s implementation by entities within their respective sectors. None of the 16 coordinating councils reported having qualitative or quantitative measures of framework adoption because they generally do not collect specific information from entities about critical infrastructure protection activities. SSA officials also stated that the voluntary nature and other factors are impediments to collecting such information,” the report said.

Read article