GAO Raises concerns about US-CERT
A government watchdog agency has slapped the wrists of the US Department of Homeland Security for failing to adequately protect the nation’s critical computer networks, in a report that picks out the US Computer Emergency Readiness Team’s lack of efficiency.
US-CERT is tasked with protecting private and government-run computer networks in America.
A member of the Government Accountability Office said that US-CERT should do a better job of monitoring network activity “for anomalies to determine whether they are threats, warning appropriate officials with timely and actionable threat and mitigation information, and responding to the threat.”
He also criticised US-CERT for weaknesses identified during a 2006 cyber-security drill at the hearing on Capitol Hill last Tuesday.
A draft report issued by the GAO claims that US-CERT “lacks a comprehensive baseline understanding of the nation’s critical information infrastructure operations, does not monitor all critical infrastructure information systems, does not consistently provide actionable and timely warnings, and lacks the capacity to assist in mitigation and recovery in the event of multiple, simultaneous incidents of national significance.”
It also believes US-CERT “still does not exhibit aspects of the attributes essential to having a truly national capability.”
DHS officials defended their capabilities but also admitted that they need to do more to safeguard the nation’s infrastructure. “We are undertaking something not unlike the Manhattan Project,” a DHS spokesman said. “We have set a strong cyber strategy, recently created the National Cyber Security Center, and are in the process of aggressively hiring several hundred analysts to further our mission of security critical infrastructure.”
Among the planned enhancements is a system called Einstein, which collects, correlates, analyses and share computer security information with US-CERT members.
Leave a Comment