GAO: DHS cybersecurity plans need more work
One congressman called the department's efforts so far 'unacceptable'
Computerworld - The U.S. Department of Homeland Security must do more to protect the nation's critical information infrastructure, according to a report released today by the Government Accountability Office (download PDF).
While the agency has begun efforts to fulfill its cybersecurity duties, "it has not fully addressed any of the 13 [primary] responsibilities, and much needs to be done," the GAO said.
Those responsibilities include developing a national plan for critical infrastructure protection that includes cybersecurity; developing partnerships and coordinating efforts with other federal agencies, state and local governments and the private sector; improving public/private sharing of information on cyberattacks, threats and vulnerabilities; and developing and improving national cyberanalysis and warning capabilities.
The DHS has already established the U.S. Computer Emergency Readiness Team (U.S. CERT) as a public/private partnership to make cybersecurity a coordinated national effort, the GAO said. And it has established forums designed to build trust and information sharing among federal officials with information security responsibilities and law enforcement entities.
But it has not yet developed national cyberthreat and vulnerability assessments or contingency plans for cybersecurity -- including a plan for recovering key Internet functions, the GAO said.
The report prompted members of Congress to call on the DHS to get moving.
"I am troubled that more progress has not been made," Sen. Joseph I. Lieberman (D-Conn.) said in a statement. "We have a long road ahead before the cyberstructure that underpins our nation's critical infrastructure is secured from pranksters and saboteurs."
"GAO's analysis affirms what this committee has been saying for the past two and a half-years -- the status quo does not serve our cybersecurity needs," U.S. Rep. Christopher Cox, (R-Calif.), chairman of U.S. House Committee on Homeland Security, said in a statement. "Responsibility for cybersecurity needs to be elevated and better coordinated within the department. The nation needs a principal federal authority on cybersecurity to secure this vital component of our national infrastructure."
Rep. Bennie G. Thompson (D-Miss.), ranking member of that same committee, said in a statement he is concerned that "the DHS is bogged down by the wrong priorities and is unable to carry out its responsibility to improve the nation's cybersecurity infrastructure protections."
Thompson noted that the DHS needs to do more to develop its ability to analyze computer-based threats, something the GAO urged the department to complete in 2001. "As long as the department is not our nation's focal point for cybersecurity, our critical infrastructures remain largely unprepared or unaware of cybersecurity risks and how to respond to cyberemergencies," he said. "This is unacceptable, as so much of our daily lives --
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts