Department of Homeland Insecurity? DHS Vulnerable to Cyber Attacks, Watchdog Says
Policy + Politics

Department of Homeland Insecurity? DHS Vulnerable to Cyber Attacks, Watchdog Says

iStockphoto

A U.S. agency tasked with responding to national cybersecurity issues is having difficulty coordinating its own cybersecurity efforts, according to a new report.

The Department of Homeland Security’s Office of Inspector General looked at the cybersecurity programs in place across three DHS agencies: Immigration and Customs Enforcement, the National Protection and Programs Directorate and the U.S. Secret Service. The inspector general found that miscommunication and a lack of coordination between these departments has led to confusion and could potentially lead to security lapses.

Related: Obama’s Cyber Security Failure Creates Greater Threat Than ISIS

“This lack of understanding has led to conflicts regarding assignments and response to incidents,” the report reads. “Ultimately, the confusion may have restricted DHS from using all of its cyber security capabilities or caused delays in its response and recovery efforts.”

The IG’s audit recommends that the DHS create a centralized cyber training program for all of its employees. Some agencies within the department are spending large amounts of money to create their own training courses, but a department-wide training program would be more cost-effective, the IG report says.

DHS officials have also complained that mandated budget cuts have limited the scope and effectiveness of cybersecurity training programs. One employee told the auditors that budget cuts have prevented him from attending any formal cybersecurity training in four years, but that he has invested his own time and money in such training.

While the report did say that DHS has taken steps to address these bureaucratic hindrances, additional actions are still needed to strengthen the department’s vulnerabilities. “If not addressed, these deficiencies could result in the loss, misuse, modification, and unauthorized access to the Department’s information systems and data,” the report warns. In other words, the websites and computer systems of Immigration and Customs Enforcement and the Secret Service are vulnerable to attack.

Related: Cyber Security Office Deemed Dysfunctional

The newly established DHS Office of Cyber, Infrastructure and Resilience (CIR) has been tasked with improving relations across agencies and preventing redundancies and duplication of effort, but hasn’t yet been able to fulfill its duties due to limited staffing and having been created only recently, according to the report.

The inspector general cited the need for the division to develop a strategic implementation plan, without which, it “cannot ensure that DHS is effectively performing its cyber mission or ensure that components clearly understand one another’s cyber responsibilities, capabilities, or key mission areas.”

DHS agreed with all of the recommendations that the inspector general offered and said it has already started working on some.

TOP READS FROM THE FISCAL TIMES