Gregory Wilshusen, director of information security issues at GAO, said in a written statement to House lawmakers Wednesday that challenges include program design for risk-based cybersecurity, IT contractor oversight, security incident and data breach response, and the implementation of cyber programs at small agencies.
He told the House Science Committee’s subpanels on oversight and on research and technology that the government’s Personal Identity Verification, Continuous Diagnostics and Mitigation, and National Cybersecurity Protection System (or Einstein) work to improve the security of federal information systems.
“[Agencies] need to employ a multi-layered approach to security that includes well-trained personnel, effective and consistently applied processes, and appropriate technologies,” Wilshusen added.