Cybersecurity

DHS struggling to respond to cybersecurity threats: IG

Published 8 November 2013

A recent report by the DHS inspector general (IG) has documented the agency’s struggle to respond to cybersecurity threats and its inability to disseminate information about threats because of technical, funding, and staffing challenges.

Despite the increase in cyberattacks against American infrastructure, banks, businesses, and federal agencies, DHS lacks sufficient tools to track attacks effectively, and the agency needs additional analysts to interpret and share its information in real time. The IG report also claims that the agency does not do enough to train its existing cybersecurity workforce.

Politico notes that the IG report is based on an audit conducted between January and May 2013. It was released on 4 October 2013, at a time when DHS is without a leader, while President Barack Obama’s nomination of Jeh Johnson to head DHS awaits a Senate confirmation hearing.

The report also comes at a critical time since President Obama signed an executive order in February 2013, instructing DHS to develop a system for sharing threat data with the private sector in order to improve cybersecurity initiatives within the private sector. The DHS National Protection and Programs Directorate (NPPD) is currently responsible for cybersecurity initiatives. A key element of NPPD is the National Cybersecurity and Communications Integration Center (NCCIC). The center works with other federal agencies, state entities, and the private sector on cybersecurity. The agency has developed partnerships with federal and state agencies to share issues and notices on cyberthreats, but according to the IG report, the agency faces “challenges in sharing cyber threat information with other federal cyber operations centers.”

As is the case with other federal cyber operation centers, NCCIC lacks a common database to share information. According to the IG report, while the agencies involved in cyber operations have some tools to track cybersecurity incidents, and their leaders may communicate with each other, “no single entity combines all information available from these centers and other sources to provide a continuously updated, comprehensive picture of cyberthreat and network status to provide indications and warning of imminent incidents, and to support a coordinated incident response.”

DHS is now developing tools to improve the sharing of cybersecurity threat data and plans to implement the tools in 2014. “The Department of Homeland Security actively collaborates and shares information with public- and private-sector partners every day to respond to and coordinate mitigation in the face of attempted disruptions to the nation’s critical cyber and communications networks and to reduce adverse impacts on critical network systems,” a DHS spokesman told Politico.

The IG report noted that staffing deficiencies may be one of the reasons for DHS’ inability to operate effectively when dealing with cyberthreats. A DHS entity tasked with providing operational support and cyberthreat analysis “can currently provide coverage only for 14 hours per day for 5 days per week,” the IG says, leaving “a weekly total of 98 hours” that it is “not providing coverage support.”

The IG report also discovered that the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), a DHS entity, does not have the “required personnel to assist in the continuous operations” at its current levels.

For current employees at NCCIC, the IG expressed concerns regarding insufficient training resources. The NCCIC “does not have sufficient resources to provide specialized training to incident responders,” the report documented. A review of NCCIC’s records between 2009 and 2013 revealed that only ten of twenty-two analysts had “technical training.” The IG and DHS have attributed some staffing deficiencies to funding shortages, including the recent sequestration.