Communications Litigation Today was a Warren News publication.

CISA Must Fully Organize to Prevent Cyberattacks: GAO

The Cybersecurity and Infrastructure Security Agency in the Department of Homeland Security must fully complete Congress-mandated organizational planning to effectively “identify and respond to cybersecurity incidents” like the Russia-linked SolarWinds hack (see 2012170050), GAO reported Wednesday. Senate Intelligence Committee Chairman Mark Warner, D-Va., and others are drafting a cyber hack reporting measure (see 2103040066). CISA “completed the first two of three phases of its organizational transformation initiative” before Congress’ December deadline but had completed only “about a third of the tasks planned for the final phase” by then, GAO said. Tasks not completed include “finalizing the mission-essential functions of CISA's divisions and issuing a memorandum defining incident management roles and responsibilities across CISA. Tasks such as these appear to be critical to CISA's transformation initiative and accordingly its ability to effectively and efficiently carry out its cyber protection mission.” DHS agreed with GAO’s assessment of CISA’s progress but didn’t fully specify its plans for completing its organizational efforts, the office said.