GAO calls on CISA to review support programs for communications sector

The Government Accountability Office has called on the Cybersecurity and Infrastructure Security Agency to review the support programs and services it runs for the communications sector in a new report.

In the report published Tuesday, the watchdog said the Department of Homeland Security sub-agency has not undertaken the work needed to determine which types of infrastructure owners – such as large or small telecoms service providers – are underrepresented participants within the programs it runs.

GAO has outlined three key measures the Cybersecurity and Infrastructure Security Agency (CISA) must take to improve sector resilience during natural disasters, cyberattacks and human-caused incidents. The watchdog in the study called on CISA to implement metrics to assess the effectiveness of sector-specific programs, undertake a capability assessment of the department’s emergency support function #2 and produce a revised communications sector-specific plan.

“The Communications Sector, one of 16 critical infrastructure sectors, is vital to the United States,” the watchdog’s report says. “GAO is making three recommendations to CISA, including that CISA assess the effectiveness of its support to the Communications Sector, and revise its Communications Sector-Specific Plan. The Department of Homeland Security concurred with the recommendations. The Department of Commerce and the Federal Communications Commission did not provide comments on the draft report.”

CISA is designated as the federal coordinator for emergency support function #2, which supports government and industry efforts to restore critical communications infrastructure and services during incidents such as hurricanes and wildfires. According to GAO, the director of CISA should conduct a review of this function.

In its report, the watchdog said also that the CISA director should work with private enterprise to create the revised, sector-specific plan.