The federal agency in charge of protecting the U.S. Internet infrastructure and coordinating defense against and responses to cyber attacks is not well prepared to do so, according to a report released today by the Office of Inspector General.
US-CERT was created in 2003 to protect the federal government network infrastructure by coordinating efforts to defend against and respond to cyber attacks. Specifically, its responsibility includes analyzing and reducing cyber threats and vulnerabilities, disseminating cyber threat warning information, and coordinating cyber incident response activities.
Although the federal watchdog has made progress in implementing a cybersecurity program to help federal agencies in protecting their IT systems against cyber threats and facilitated cybersecurity information sharing with the public and private sectors, US-CERT falls short in several areas. The findings of the report indicate US-CERT is not fully capable to provide an effective analysis and warning program for the federal government. Another shortcoming is the lack of manpower and appropriate enforcement authority to help mitigate security incidents. Additionally, US-CERT has yet to create a strategic plan to formalize goals, objectives and milestones, the study noted.
“Without a strategic plan, US-CERT may have difficulty in achieving its goal to provide response support and defense against potential cyber attacks for the federal government,” said Inspector General Richard L. Skinner in the report.
To help fix the existing problems, the Office of Inspector General recommended US-CERT should improve its information sharing and communications coordination efforts with the public and improve its situational awareness and identification capability by monitoring the federal cyber infrastructure for network anomalies in real-time.