In a report published in July but released this week, the Government Accountability Office (GAO) said because of the number of federal organizations involved in shaping cybersecurity policy and processes, the United States has hurdles to overcome to present a united front to the world on the issue.
Until challenges across the board -- in leadership, strategy, coordination, standards, policies, and legal discrepancies, among others -- are dealt with, the United States "will be at a disadvantage in promoting its national interests in the realm of cyberspace," the GAO found.
Cybersecurity is an important issue for the Obama administration, but Congress has been slow to move on passing a comprehensive law to tackle the issue at home. Cyberdefense, law enforcement, and cybersecurity implementations are handled by several agencies, which also coordinate with local and state governments as well as the private sector to protect the United States against cyberattacks.
In the area of leadership, multiple U.S. agencies -- including the Departments of Commerce, Defense, Homeland Security, Justice, and State and the National Security Agency -- have a hand in directing international standards, cyber-defense policy, and facilitating overseas investigation and law enforcement when it comes to cybersecurity. The federal government must coordinate across them to present a coherent national approach the rest of the world can recognize and comply with, the GAO said.
The U.S. also still needs to define a national cybersecurity strategy with clear objectives, goals, and activities, not to mention put in place performance measurements to ensure that activities achieve desired outcomes, according to the report.
All of the agencies involved in directing cybersecurity in the United States also must come up with a global policy when it comes to the issue, an effort that has begun but is nowhere near complete.
Standards, too, pose a complicated landscape for the United States when it comes to cybersecurity, the report noted.
Some U.S. and foreign technical standards that address cybersecurity or policy can incidentally block trade by forcing private companies to choose between exiting a market and redesigning products to comply with standards of a particular country, according to the GAO.
Country-specific standards also pose a challenge, according to the GAO. Some countries -- like China and South Korea -- have attempted to force the United States to comply with internally developed cybersecurity standards, which risks discriminating against U.S. companies.
Cybersecurity laws and enforcement of U.S. laws abroad pose a problem as well for the global cybersecurity effort.
The GAO noted that several factors impede efforts to enforce U.S. criminal and civil law as it relates to cyberspace, including differences among various nations' laws, insufficient technical capability of judicial systems, and inconsistent enforcement of existing laws.
Indeed, U.S. FBI and Secret Service officials have said they have been hampered in acquiring evidence for some transactional cybercrime investigations, the report noted.