In an effort to strengthen the country’s cybersecurity posture, top House Democrats have written to the U.S. Government Accountability Office (GAO) seeking a comprehensive review of the efficiency and effectiveness of major federal cybersecurity programs.
The request is in response to a wave of concern regarding ongoing bottlenecks and budget constraints affecting crucial vulnerability management efforts led by the Cybersecurity and Infrastructure Security Agency (CISA) and the National Institute of Standards and Technology (NIST).
Bennie G. Thompson (D-Miss.) and other House Democrats. Committee on Homeland Security andZoe Lofgren (D-Calif.) (Ala.), ranked Mr. Gosar, along with House Freedom Caucus Chairman Andy Biggs (R-Ariz.) and Rep. Paul Gosar (R-Ariz.), ranking member of the House Science, Space and Technology Committee, in a letter to GAO Comptroller General Gene Dodaro detailing their “urgent concerns.”
Specifically, they are calling for a review of CISA’s Common Vulnerabilities and Exposures (CVE) program and NIST’s National Vulnerability Database (NVD). These programs form the cornerstone of the way that organisations across the country find and fix security weaknesses, providing an invaluable asset to both public and private organisations.
The legislators noted that early in 2024 NIST experienced significant funding constraints, resulting in a backlog of thousands of vulnerabilities in the NVD that remains in the NVD to this day.
A close shave with imminent suspension of CISA’s contract that funds the CVE program was also a reminder of the outsized role that this initiative plays in the security community and the critical need to safeguard it for the long term.
“Because of the critical role these programs play in our nation’s cybersecurity, we ask the Government Accountability Office to study the federal programs created to address the vulnerabilities and weaknesses in information technology systems that are discovered…” the letter said.
The GAO study would additionally evaluate the effectiveness and efficiency of programs as well as look at who, among governmental and non-governmental groups, utilizes those programs.
The call for more oversight comes amid a broader effort by Congress to bolster the nation’s cyber security, including as the Cybersecurity Information Sharing Act nears expiration in 2025.
Democrats are also have long been strong proponents of increased cooperation between the government and the private sector in efforts to keep up with growing cyber threats, and the GAO’s review is considered vital for keeping key cybersecurity programs on the front line of defense protecting the country’s infrastructure.
