Cybersecurity: A Better Defined and Implemented National Strategy is Needed to Address Persistent Challenges, Statement of Gregory C. Wilshusen, Director, Information Security Issues, Testimony Before the Committee on Commerce, Science, and Transportation and the Committee on Homeland Security and Governmental Affairs, U.S. Senate [open pdf - 693KB]
"Federal government agencies and the nation's critical infrastructures have become increasingly dependent on computerized information systems and electronic data to carry out their operations. While creating significant benefits, this can also introduce vulnerabilities to cyber-threats. Pervasive cyber attacks against the United States could have a serious impact on national security, the economy, and public health and safety. The number of reported cyber incidents has continued to rise, resulting in data theft, economic loss, and privacy breaches. Federal law and policy assign various entities responsibilities for securing federal information systems and protecting critical infrastructures. GAO [Government Accountability Office] has designated federal information security as a high-risk area since 1997 and in 2003 expanded this to include cyber critical infrastructure protection. GAO was asked to testify on its recent report on challenges facing the government in effectively implementing cybersecurity and the extent to which the national cybersecurity strategy includes desirable characteristics of a national strategy. In preparing this statement, GAO relied on the report, as well as related previous work. […] In its report, GAO recommended that an integrated national strategy be developed that includes milestones and performance measures; costs and resources; and a clear definition of roles and responsibilities. It also stated that Congress should consider clarifying federal cybersecurity oversight roles through legislation."
Government Accountability Office: http://www.gao.gov/