Inspector General identifies key deficiencies in US cybersecurity response

17 June 2010

The Department of Homeland Security’s Inspector General testified before Congress yesterday and provided an update on US-CERT’s efforts to improve cybersecurity, while also identifying many key points where the department is still falling short.

DHS Inspector General Richard Skinner spoke before the House Committee on Homeland Security yesterday and detailed his office’s latest report on the progress US-CERT has made in securing cyberspace. Both the report and Skinner’s testimony show that while US-CERT has made strides to beef up cybersecurity in recent years, there are still several items that need to be addressed going forward.

Skinner did acknowledge that US-CERT – which is responsible for defending federal government networks against cyber attacks – has made great strides in promoting information sharing between the private and public sector, using various notices, bulletins, and reports.

Nonetheless, the IG identified three key areas where US-CERT falls short in living up to its mission. First is its lack of enforcement authority in responding to security threats. “Without this authority”, Skinner said, “US-CERT is limited in its ability to mitigate effectively ever-evolving security threats and vulnerabilities”.

Skinner added that because US-CERT cannot compel federal agencies to enact its recommendations, these cyber threats and vulnerabilities are often not addressed in a timely fashion. He highlighted the fact that US-CERT would have been given such increased enforcement capabilities under the revised FISMA legislation put forth in 2008; however, “since the proposed legislation was not approved, US-CERT remains without enforcement authority”, he continued.

The testimony also reviewed the staffing problems that the computer response team faces. The number of positions allotted for US-CERT was increased from 38 in 2008 to 98 in 2010, but Skinner lamented that only 45 of those positions had been filled. Several reasons were cited for the shortfall in staffing, including turnover, lack of qualified applicants, and the rigorous approval process that takes anywhere from nine to 12 months, even if the applicant has already received top secret clearance.

“As a result, staffing shortages force current analysts to perform additional duties, instead of fulfilling the technical analyst role for which they were hired”, noted the IG’s audit report.

“Without sufficient staffing, US-CERT cannot completely fulfill its responsibilities to analyze data and reports to reduce cyber threats and vulnerabilities as well as support the public and private sectors”, Skinner told the House committee.

The third point the IG covered was US-CERT’s lack of a strategic plan and performance measures, without which the organization is hampered in its mission to defend the federal government against cyber attacks, Skinner said.

He went on to provide the committee with several key action points derived from the audit. The first recommendation includes establishing specific performance measures and developing a strategic plan for US-CERT. Citing the increased sophistication and effectiveness of cyber attacks, the IG said that such a strategic plan is key to helping the organization measure progress and articulate clear goals.

“While progress has been made”, said Skinner, “US-CERT still faces numerous challenges in effectively reducing the cyber security risks and protecting the nation’s critical infrastructure”.

This article is featured in:
Internet and Network Security • Public Sector

 
