The Government Accountability Office has urged the Department of Homeland Security to establish metrics and methods to assess the performance of the National Cybersecurity and Communications Integration Center.
GAO reported Wednesday NCCIC is required to perform 11 cybersecurity functions and comply with nine principles but the center’s level of adherence is unclear since it has yet to identify the relevance of principles to all functions.
Auditors identified cases where NCCIC implemented functions in line with principles such as efforts to disseminate vulnerability alerts in coordination with industry, academia and national laboratories.
GAO also found instances where NCCIC did not perform functions in accordance with principles such as the requirement to provide technical, risk management and incident response support to federal and nonfederal entities.
NCCIC has yet to develop measures or procedures to assess the timeliness of such efforts, GAO said.
The government watchdog also discovered performance issues such as NCCIC officials’ inability to completely track and consolidate cyber incident reports as well as the potential lack of access to the updated contact information of owners and operators of critical cyber-dependent infrastructures.
GAO called on DHS to determine the applicability of principles; establish metrics to assess performance; and address identified issues, as part of nine recommendations.