Cybersecurity at DHS: Pros and Cons
GAO Head Provides Appraisal to Senate Committee
"DHS has made important progress in implementing and strengthening its mission functions over the past eight years, including implementing key homeland security operations and achieving important goals and milestones in many areas," Dodaro, who heads the Government Accountability Office, said in a testimony before the Senate Homeland Security and Governmental Affairs Committee. "However, more work remains for DHS to address gaps and weaknesses in its current operational and implementation efforts, and to strengthen the efficiency and effectiveness of those efforts to achieve its full potential."
As part of his written testimony, Dodaro discussed improvements in IT security DHS has achieved and challenges that still must be met.
Dodaro said DHS expanded its efforts to conduct cybersecurity risk assessments and planning, provide for the protection and resilience of cyber assets and implement cybersecurity partnerships and coordination mechanisms.
He cited DHS's development of the first National Cyber Incident Response Plan in September 2010 to coordinate the response of multiple federal agencies, state and local governments and hundreds of private firms, to incidents at all levels.
DHS also took steps to secure external network connections in use by the federal government by establishing the National Cybersecurity Protection System, operationally known as Einstein, to analyze computer network traffic information to and from agencies, Dodaro said. He noted that in 2008 DHS developed Einstein 2, which incorporated network intrusion detection technology into the capabilities of the initial version of the system.
He credited DHS's efforts to enhance cyber analysis and incident warning capabilities through the establishment of the U.S. Computer Emergency Readiness Team, which, among other things, coordinates the nation's efforts to prepare for, prevent, and respond to cyber threats to systems and communications networks. DHS also demonstrated progress in addressing lessons it had learned from a major cyberattack exercise, Cyber Storm, to strengthen public and private incident response capabilities.
What Remains to Be Done
Still, sounding like his subordinates - many GAO audits start off by saying progress has been made but more work needs to be done - Dodaro said key challenges remain in DHS's cybersecurity efforts.
One example he cited: expanding its protection and resiliency efforts. DHS needs to lead a concerted effort to consolidate and better secure Internet connections to federal agencies.
DHS, he said, faced challenges in deploying Einstein 2, including understanding the extent to which its objective was being met, because the department lacked performance measures addressing whether agencies report whether the alerts represent actual incidents.
The department also faces challenges in fully establishing a comprehensive national cyber analysis and warning capability. For example, he said, U.S.-CERT did not fully address 15 key attributes of cyber analysis and warning capabilities. These attributes are related to monitoring network activity to detect anomalies, analyzing information and investigating anomalies to determine whether they are threats, warning appropriate officials with timely and actionable threat and mitigation information and responding to the threat.
U.S.-CERT, for example, provided warnings by developing and distributing a wide array of notifications, but these notifications weren't consistently actionable or timely. "Expectations of private sector stakeholders are not being met by their federal partners in areas related to sharing information about cyber-based threats to critical infrastructure," he said.