DHS IG: US-CERT Needs Work

Despite the various accomplishments of the U.S.-CERT in the past few years, there are still many areas that need improvement, DHS’ Inspector General told members of the House Committee on Homeland Security.

During a hearing June 16, Richard Skinner told members that U.S.-CERT has had some successes but still doesn’t provide analysis and warning for the federal government as it should.

“U.S.-CERT is still hindered in its ability to provide an effective analysis and warning program for the federal government in a number of ways,” Skinner said. “U.S.-CERT does not have the appropriate enforcement authority to help mitigate security incidents. It is not sufficiently staffed to perform its mission.”

“Further, U.S.-CERT has not finalized and approved its performance measures and policies and procedures related to cybersecurity efforts,” he added.

One way to fix the current situation is to provide U.S.-CERT with an enforcement authority, according to Skinner. Without the authority to enforce recommendations to protect federal systems and networks, U.S.-CERT will be limited in its ability to mitigate the changed threat landscape.

“U.S.-CERT remains without enforcement authority,” he said. “Without the enforcement authority to implement recommendations, U.S.-CERT continues to be hindered in coordinating the protection of federal cyberspace.”

Another central problem for U.S.-CERT is that the organization lacks adequate staff, according to Skinner. The organization has an authorized 98 positions, yet as of January 2010, only 45 were filled.

“U.S.-CERT does not have sufficient staff to perform its 24×7 operations as well as to analyze security information timely,” he said. “Without sufficient staff, U.S.-CERT cannot completely fulfill its responsibilities to analyze data and reports to reduce cyber threats and vulnerabilities as well as support the public and private sectors.”

In order to meet the current staffing shortages, U.S.-CERT relies on contractor support, Skinner said. Another problem facing U.S.-CERT is the lack of a strategic plan that would formalize objectives, milestones and goals, he added.

“Without a strategic plan and performance measures, U.S.-CERT may have difficulty in achieving its goal to provide response support and defense against potential cyber attacks for the federal government,” Skinner said.

U.S.-CERT also needs to improve its information sharing with other federal agencies to ensure the timely mitigation of vulnerabilities and threats, Skinner asserted. A major impediment is the various classification levels and network architectures used throughout the federal government, which hinder U.S.-CERT’s ability to share information effectively.

“It is essential that U.S.-CERT and the public and private sectors share cybersecurity information to ensure that appropriate steps can be taken to mitigate the potential effect of a cyber incident,” Skinner said. “By sharing potential security threats collected through its data sources, U.S.-CERT can provide agencies with detailed information regarding attacks to their networks.”

The inability to monitor federal networks in real time is another problem, according to the IG. The tools currently used by U.S.-CERT don’t allow for real-time analysis, which makes it difficult for U.S.-CERT to adequately defend federal networks.

“U.S.-CERT is unable to monitor federal cyberspace in real time,” Skinner said. “As a result, U.S.-CERT will continue to be challenged in protecting the federal cyberspace from security-related threats.”

U.S.-CERT is currently working to address some of these issues, according to the IG. The organization has made progress in implementing a cyber program to help other agencies protect IT systems and has developed a mentoring program to develop employee cyber skills.

“While progress has been made, U.S.-CERT still faces numerous challenges in effectively reducing the cybersecurity risks and protecting the nation’s critical infrastructure,” Skinner said.


Written by Admin
