Retiring Comptroller General Gene Dodaro delivered a message to lawmakers Tuesday on what he believes should be one of Congress’s top priorities as he exits federal service: getting the government’s cybersecurity work in order before it’s too late.
Appearing before a Senate Homeland Security and Governmental Affairs panel, Dodaro said cybersecurity and critical infrastructure protection are not getting “the urgent attention commensurate with the evolving grave threat.” Daily pressure from state and non-state actors puts the U.S. in a “very vulnerable” position, the Government Accountability Office chief said.
One piece of addressing that puzzle, Dodaro said later in the Subcommittee on Border Management, Federal Workforce and Regulatory Affairs hearing, is getting a permanent director of the Cybersecurity and Infrastructure Security Agency confirmed as soon as possible.
“I think it’s essential,” Dodaro said in response to a question from Sen. Bernie Moreno, R-Ohio, on the importance of having a CISA head in place. “We’ve spent a lot of time trying to encourage the government to do more, and CISA was doing, you know, a better job.”
Madhu Gottumukkala has served as CISA’s acting director since the spring while Sean Plankey, the White House’s nominee for the post, has awaited confirmation. Sources told CyberScoop earlier this month that Plankey is unlikely to move forward after multiple senators placed or threatened holds on his nomination.
“We have a lot of open recommendations still for them to do,” Dodaro said. “But I’m concerned that we’re taking our foot off the gas at CISA, and I think we’ll live to regret it.”
The GAO, which Dodaro has led since 2010, designated cybersecurity as a high-risk area across the federal government in 1997, and did the same for critical infrastructure in 2003. There have been “a lot of changes” in the past decade, Dodaro added, but 600 out of 4,400 recommendations are still open.
Addressing those recommendations will be increasingly hard, he continued, given the Trump administration’s downsizing of CISA. The cyber agency has lost about a third of its staff, Dodaro said — a figure that Moreno said was “obviously untenable” given the reality of “escalating” threats facing the country.
Dodaro noted earlier in the hearing that a threat that has him especially concerned involves CISA’s mandate to protect the security of elections.
The cyber agency has historically “provided a lot of assistance to … elections officials at the state and local level,” he said. “I’m concerned they may not be postured to do that with the midterms coming up, as well as deal with critical infrastructure throughout the country.”
Senators on both sides of the aisle appeared receptive to Dodaro’s warnings and expressed gratitude for his more than 52 years of service at the congressional watchdog.
“There are very few people in the world who can say that they saved their nation billions of dollars based on their service. But you are one of those,” subcommittee Chair James Lankford, R-Okla., told Dodaro. “Thank you for those decades of federal service that you gave to our nation to be able to help get our fiscal health back in order.”