A report released today by the Office of Inspector General reveals that although US-CERT has made advancements in adopting a cybersecurity program in aiding federal agencies in protecting their IT systems against cyber threats and facilitated cybersecurity information sharing with the public and private sectors, it still fails in several areas.
The findings of the report indicate US-CERT is not fully capable to provide an effective analysis and warning program for the federal government. The agency also has neither enough personnel nor the appropriate enforcement authority to help mitigate security incidents. Additionally, US-CERT has yet to create a strategic plan to formalize goals, objectives and milestones, the study noted.
“Without a strategic plan, US-CERT may have difficulty in achieving its goal to provide response support and defense against potential cyber attacks for the federal government,” said Inspector General Richard L. Skinner in the report.
To help remedy the current shortcomings, the Office of Inspector General recommended US-CERT to improve its information sharing and communications coordination efforts with the public and improve its situational awareness and identification capability by monitoring the federal cyber infrastructure for network anomalies in real-time.