IG: DHS’ Own Cyber Plan Lacking

Thursday, December 5, 2013 @ 12:12 PM gHale

Do as I say; not as I do? That might be the call to action at the Department of Homeland Security as it is having a hard time protecting itself, said the Inspector General.

The agency for months failed to patch its systems regularly against known cyber security threats or scan its networks consistently, in real time, to keep out digital malefactors, according to a report released Monday from the DHS inspector general.

RELATED STORIES
Feds’ Security Practices Lacking
Data Breaches Go Undisclosed
Security: A Strategic Voice
NIST Seeks Smart Grid Comments

Some at DHS even had been using an old, soon-to-be unsupported version of Microsoft Windows, according to the IG, whose conclusions are the result of earlier studies issued throughout 2013. DHS also lagged in developing a more secure system to ensure the right employees are accessing the right data, the IG said.

DHS did get some good grades from the IG. The agency, for its part, told the IG it has remedied some of the worst mistakes, with an eye on additional fixes next year. A spokesman said DHS “continues to improve and strengthen our capabilities to address” cyber risks.

DHS occupies the front lines of the government’s work on cyber security. For one thing, the agency plays a key role advising other federal entities on the best ways to combat cybercriminals. DHS also must work alongside the private sector on voluntary improvements to their digital defenses, according to the executive order signed by the president in February.

The IG’s latest report, finished this month and published Monday, reached many of the same conclusions from studies it issued this summer. It doesn’t appear DHS implemented some of the IG’s earlier recommended fixes.



Leave a Reply

You must be logged in to post a comment.