DHS IG: DHS WAN susceptible to service disruptions

Published 1 February 2006

DHS IG says department WAN susceptible to disruption and data loss

DHS’s wide area network (WAN) is susceptible to service disruptions and data loss because of a high volume of security problems, a recent audit says. The Office of the Inspector General found that DHS had sixty-five million security event messages from February through April 2005, and 6.5 million were tagged as possible misuse of computers to access pornography Web sites. The overall figure represents an increase of more than 400 percent from the year before, but the number of porn warnings could be due to legitimate law enforcement investigations, DHS information officers told the OIG in an audit released at the end of 2005. This is difficult to determine because of the way the network is monitored.

There are rules requiring DHS to monitor the network, which serves twenty-two organizations under its umbrella, but DHS turned responsibility for monitoring over to U.S. Customs and Border Protection with no formal agreement about how they should collaborate, according to the audit.

According to the audit, DHS needs to improve its incident response capabilities, choose more effective means of collecting, analyzing, and reporting data, and build communication between various groups such as legal, human resources, and external groups. It should also appoint an information security manager for the WAN, create a security operations center for the network and sign interconnection service agreements for systems connected to the network. Finally, DHS needs to draft security plans, institute certification and accreditation requirements, perform risk assessments, add equipment for traffic analysis, and comply with its own investment policies. DHS has not received all of the approvals it needs for its network. That means it “risks spending on investments which may not directly support or further its mission.”

-see IG audit report at DHS Web site