The Department of Homeland Security’s Inspector General’s latest report says the agency, tasked with defending federal networks against hackers and online spies, needs to do better coordinating its own internal information sharing practices and patching up its systems’ vulnerabilities.
Released Tuesday, the report says DHS faces significant difficulties coordinating responses to cyber attacks against the agency.
The report examined the process for information sharing between DHS headquarters and three of the agencies under its umbrella: U.S. Immigration and Customs Enforcement, the National Protection and Programs Directorate, and the U.S. Secret Service. It found a lack of training, coordination, guidance and compliance among the department’s many agencies.
“DHS plays a pivotal role in coordinating the national response to cyber incidents that result from the vulnerabilities created by our increased reliance on IT systems,” Inspector General John Roth said. “While our audit showed improved coordination between DHS components in carrying out their cybersecurity functions, we have identified duplication of effort and lack of effective policies and controls.”
Among the issues raised by the IG was the need for DHS officials to better understand the cyber responsibilities of each agency. Without that understanding, the IG says, the creation of a cross-departmental cyber strategy is impossible and agencies end up duplicating efforts when it comes to its missions.
The report also criticizes DHS for failing to have a real-time incident information sharing capability across its entire enterprise, inline with the Structured Threat Information Expression/Trusted Automated Exchange of Indicator Information (STIX/TAXII) systems used to investigate incidents tied to the agency’s work. DHS currently cannot support such a system, the report says, due to the need for network infrastructure separate from what the agency already owns. In response, DHS said its working on creating an in-house capability that should be online by August 31, 2016.
Internal vulnerabilities and a number of Windows configurations that didn’t meet FISMA requirements were also uncovered. Officials told the IG they have either closed those vulnerabilities or will plan to do so before the end of the year.
DHS is responsible for a number of top cyber programs, including the U.S. Computer Emergency Readiness Team, which issues alerts on various cyber threats and vulnerabilities in the public. DHS is also responsible for EINSTEIN, the intrusion detection system that monitors federal networks for malicious or unauthorized traffic.
You can access the full report below.