Key Takeaways:
- The outgoing Comptroller General, Gene Dodaro, has emphasized the need for Congress to prioritize cybersecurity and critical infrastructure protection.
- Dodaro believes that the government’s cybersecurity work is not receiving the urgent attention it deserves, despite the evolving and grave threat from state and non-state actors.
- The confirmation of a permanent director for the Cybersecurity and Infrastructure Security Agency (CISA) is crucial to addressing the cybersecurity puzzle.
- The agency has lost about a third of its staff, which is "obviously untenable" given the escalating threats facing the country.
- The protection of election security is a major concern, with CISA’s mandate to assist state and local election officials potentially being compromised due to staffing issues.
Introduction to the Issue
The Comptroller General, Gene Dodaro, has delivered a stark warning to lawmakers about the need to prioritize cybersecurity and critical infrastructure protection. In his testimony before a Senate Homeland Security and Governmental Affairs panel, Dodaro emphasized that these issues are not receiving the urgent attention they deserve, despite the evolving and grave threat from state and non-state actors. With his departure from federal service, Dodaro is highlighting the importance of addressing these concerns before it’s too late. The daily pressure from malicious actors puts the U.S. in a "very vulnerable" position, and it is essential that Congress takes immediate action to mitigate these risks.
The Importance of a Permanent CISA Director
One crucial step in addressing the cybersecurity puzzle is the confirmation of a permanent director for the Cybersecurity and Infrastructure Security Agency (CISA). Dodaro stressed the importance of having a CISA head in place, citing the agency’s critical role in protecting the country’s critical infrastructure. The current acting director, Madhu Gottumukkala, has been leading the agency since the spring, but the White House’s nominee, Sean Plankey, has been awaiting confirmation. However, sources suggest that Plankey’s nomination is unlikely to move forward due to holds placed by multiple senators. Dodaro expressed concern that the lack of a permanent director could hinder the agency’s progress, particularly given the significant number of open recommendations that still need to be addressed.
The Consequences of Inaction
The consequences of inaction on cybersecurity and critical infrastructure protection are severe. Dodaro noted that the Government Accountability Office (GAO) has designated these areas as high-risk across the federal government since 1997 and 2003, respectively. Despite some progress, 600 out of 4,400 recommendations remain open, and addressing these will become increasingly challenging due to the Trump administration’s downsizing of CISA. The agency has lost about a third of its staff, which Dodaro described as "obviously untenable" given the escalating threats facing the country. This reduction in staff will likely compromise the agency’s ability to protect critical infrastructure, including election systems.
Election Security Concerns
The protection of election security is a major concern, with CISA’s mandate to assist state and local election officials potentially being compromised due to staffing issues. Dodaro expressed concern that the agency may not be postured to provide the necessary assistance to election officials, particularly with the midterms approaching. This is a critical issue, as the security of elections is essential to maintaining the integrity of the democratic process. The potential consequences of a cyber attack on election systems could be severe, and it is essential that Congress takes immediate action to address these concerns.
A Call to Action
Dodaro’s testimony serves as a call to action for Congress to prioritize cybersecurity and critical infrastructure protection. The senators present at the hearing appeared receptive to his warnings, expressing gratitude for his decades of service and acknowledging the importance of addressing these concerns. As Dodaro prepares to leave federal service, his message is clear: the government’s cybersecurity work is not receiving the urgent attention it deserves, and it is essential that Congress takes immediate action to mitigate these risks. The confirmation of a permanent CISA director, the restoration of CISA’s staff, and the addressing of open recommendations are all critical steps in ensuring the security of the country’s critical infrastructure.
Conclusion
In conclusion, the outgoing Comptroller General, Gene Dodaro, has emphasized the need for Congress to prioritize cybersecurity and critical infrastructure protection. The consequences of inaction are severe, and it is essential that lawmakers take immediate action to address these concerns. The confirmation of a permanent CISA director, the restoration of CISA’s staff, and the addressing of open recommendations are all critical steps in ensuring the security of the country’s critical infrastructure. As the country faces escalating threats from state and non-state actors, it is essential that Congress takes a proactive approach to mitigating these risks and protecting the integrity of the democratic process.
