US-CERT Falls Short on Cyber Preparedness, Says Inspector General

CyberspaceThe federal agency in charge of protecting the U.S. Internet infrastructure and coordinating defense against and responses to cyber attacks is not well prepared to do so, according to a report released today by the Office of Inspector General.

US-CERT was created in 2003 to protect the federal government network infrastructure by coordinating efforts to defend against and respond to cyber attacks. Specifically, its responsibility includes analyzing and reducing cyber threats and vulnerabilities, disseminating cyber threat warning information, and coordinating cyber incident response activities.

Although the federal watchdog has made progress in implementing a cybersecurity program to help federal agencies in protecting their IT systems against cyber threats and facilitated cybersecurity information sharing with the public and private sectors, US-CERT falls short in several areas. The findings of the report indicate US-CERT is not fully capable to provide an effective analysis and warning program for the federal government. Another shortcoming is the lack of manpower and appropriate enforcement authority to help mitigate security incidents. Additionally, US-CERT has yet to create a strategic plan to formalize goals, objectives and milestones, the study noted.

“Without a strategic plan, US-CERT may have difficulty in achieving its goal to provide response support and defense against potential cyber attacks for the federal government,” said Inspector General Richard L. Skinner in the report.

To help fix the existing problems, the Office of Inspector General recommended US-CERT should improve its information sharing and communications coordination efforts with the public and improve its situational awareness and identification capability by monitoring the federal cyber infrastructure for network anomalies in real-time.

You may also be interested in...

David McKeown

David McKeown: DOD Eyes Creation of Zero-Trust-Focused Portfolio Office

David McKeown, the Department of Defense's (DOD) equivalent of a chief information security officer, said DOD is looking to establish a portfolio management office that specializes in zero-trust cybersecurity. The office's creation would help DOD centralize and manage efforts to implement a zero-trust architecture, which strictly imposes requirements before one is able to access the defense network.

Leave a Reply

Your email address will not be published. Required fields are marked *