OIG-15-140 September 4, 2015 DHS OIG HIGHLIGHTS DHS Can Strengthen Its Cyber Mission Coordination Efforts

OIG-15-140 September 4, 2015 DHS OIG HIGHLIGHTS DHS Can Strengthen Its Cyber Mission Coordination Efforts

DHS Can Strengthen Its Cyber Mission Coordination Efforts OIG-15-140 September 4, 2015 DHS OIG HIGHLIGHTS DHS Can Strengthen Its Cyber Mission Coordination Efforts September 4, 2015 What We Found Department of Homeland Security (DHS) components have Why We Did strengthened coordination in performing their cyber This Audit missions. For example, United States Immigration and Customs Enforcement (ICE) and United States Secret We audited the DHS components’ coordination Service (USSS) have enhanced relationships with the in performing their cyber National Protection and Programs Directorate’s (NPPD) missions. We sought to National Cybersecurity and Communications Integration determine whether their Center to improve information sharing and coordination on cyber roles and incident response and investigation. responsibilities have been well delineated and a Despite these positive steps, the Department can take process is in place for additional actions to improve its cyber mission department-wide coordination. For example, the Office of Policy has not information sharing and developed a cyber strategic implementation plan due to its coordinated response to recent establishment and limited staff. Without a strategic cyber incidents and plan, DHS cannot effectively align the components’ cyber criminal investigations. We also evaluated the responsibilities and capabilities with DHS’ overall mission. components’ compliance with applicable DHS Further, DHS needs to establish a cyber training program information security to provide its analysts and investigators with the skills requirements. needed to effectively perform their duties at ICE, NPPD, and USSS. An automated cyber information sharing tool is needed to enhance coordination among the components. What We Moreover, we identified deficiencies regarding ICE and Recommend USSS’ implementation of DHS baseline configuration settings, vulnerability management, weakness remediation, We recommended that DHS develop both a and specialized security training that may result in loss, department-wide cyber misuse, modification, and unauthorized access to the strategy and a security Department’s information systems and data. training program. DHS components must also address the information Management Response security deficiencies we identified. DHS concurred with all nine recommendations and has implemented corrective actions to address the findings. We considered recommendations 1–5, 7, and 9 open and resolved. Recommendations 6 and 8 are open and For Further Information: unresolved. Contact our Office of Public Affairs at (202) 254-4100, or email us at [email protected] www.oig.dhs.gov OIG-15-140 ..~='~: ~ °~ p OFFICE OF INSPECTOR GENERAL ~`'~ND S~~'~' Department of Homeland Security Washington, DC 20528 / www.oig.dhs.gov September 4, 2015 MEMORANDUM FOR: Andy Ozment Assistant Secretary, Office of Cybersecurity and Communications National Protection and Programs Directorate Rosemary Wenchel Acting Assistant Secretary for Cyber, Infrastructure, and Resilience Office of Policy Peter Edge Executive Associate Director of Homeland Security Investigations U.S. Immigration and Customs Enforcement Craig Magaw Deputy Director U. S~c~~t Serv'ce U~ FROM: Sondra F. M auley Assistant Inspector General Office of Information Technology Audits SUBJECT: DHS Can Strengthen Its Cyber Mission Coordination Efforts Attached for your action is our final report, DHS Can Strengthen Its Cyber Mission Coordination Efforts. We incorporated the Department's comments in our report. The report contains nine recommendations aimed at enhancing the program's overall effectiveness. The Department concurred with all nine recommendations. Based on information provided in your response to the draft report, we consider recommendations 6 and 8 open and unresolved. As prescribed by the Department of Homeland Security Directive 077-01, Follow- Up and Resolutionsfor the Office ofInspector General Report Recommendations, within 90 days of the date of this memorandum, please provide our office with a written response that includes your (1) agreement or disagreement, (2) corrective action plan, and (3) target completion date for each recommendation. Also, please include responsible parties and any other OFFICE OF INSPECTOR GENERAL Department of Homeland Security supporting documentation necessary to inform us about the current status of the recommendations. Until your response is received and evaluated, the recommendations will be considered open and unresolved. Based on information provided in your response to the draft report, we consider recommendations 1-5, 7, and 9 open and resolved. Once your office has fully implemented the recommendations, please submit a formal closeout letter to us within 30 days so that we may close the recommendations. The memorandum should be accompanied by evidence of completion of agreed-upon corrective actions and of the disposition of any monetary amounts. Please send your response or closure request to [email protected]. Consistent with our responsibility under the Inspector General Act, we will provide copies of our report to congressional committees with oversight and appropriation responsibility over the Department of Homeland Security. We will post the report on our website for public dissemination. Please call me with any questions, or your staff may contact Chiu-Tong Tsang, Director, Cybersecurity and Intelligence Division, at (202) 254-5472. Attachment www.oig.dhs.gov 2 OIG-15-140 OFFICE OF INSPECTOR GENERAL Department of Homeland Security Table of Contents Background ............................................................................................3 Results of Audit ......................................................................................4 Progress in Coordinating Cyber Mission Activities ..................................5 Challenges in Cyber Mission Coordination and Response ........................6 DHS Must Develop a Strategic Implementation Plan to Improve Cyber Awareness across Components...........................6 Recommendation...........................................................................7 DHS Has Not Established a Department-wide Cyber Training Program ..........................................................................9 Recommendation........................................................................10 DHS Components Would Benefit from an Enterprise-wide Automated Capability for Sharing Cyber Information ..................11 Recommendation........................................................................13 Technical Enhancements Could Strengthen Cyber Mission Information Systems...................................................................14 Recommendations ......................................................................16 ICE and USSS Are Not Compliant with Certain DHS Information Security Program Requirements...............................18 Recommendations ......................................................................20 Appendixes Appendix A: Objective, Scope, and Methodology .......................22 Appendix B: DHS Comments to the Draft Report. .....................24 Appendix C: Office of Information Technology Audits Major Contributors to This Report ...................................30 Appendix D: Report Distribution...............................................31 Abbreviations C3 Cyber Crimes Center CETS Child Exploitation Tracking System CHCO Chief Human Capital Officer CIDS Criminal Investigative Division Suite CIO Chief Information Officer www.oig.dhs.gov 1 OIG-15-140 OFFICE OF INSPECTOR GENERAL Department of Homeland Security CIR Office of Cyber, Infrastructure and Resilience CMSI CyberSkills Management Support Initiative DHS Department of Homeland Security ICE United States Immigration and Customs Enforcement ISSO Information System Security Officer NCCIC National Cybersecurity and Communications Integration Center NPPD National Protection and Programs Directorate OIG Office of Inspector General OMB Office of Management and Budget PLCY Office of Policy POA&M Plan of Action and Milestones USSS United States Secret Service www.oig.dhs.gov 2 OIG-15-140 OFFICE OF INSPECTOR GENERAL Department of Homeland Security Background Prevalent cyber attacks, including attempts to gain unauthorized access to information systems or sensitive data stored and processed by these systems, have triggered an expansion of cybersecurity initiatives in the government and private sectors. The President has identified cybersecurity as one of the most serious economic and national security challenges we face as a Nation. One of the Department’s missions is to coordinate national protection, prevention, mitigation of, and recovery from cyber incidents, and to oversee the protection of the Federal network (.gov). Table 1 depicts some of the core cyber responsibilities of DHS and several of its components. Table 1. DHS’ Core Cyber Responsibilities ICE NPPD USSS - Identity and benefit document - Critical infrastructure protection - Financial payment systems fraud - Intrusion detection and protection - Money laundering prevention for Federal networks - Critical infrastructure - Financial fraud - Cyber threat and vulnerability protection - Commercial fraud analysis dissemination - Identity theft - Counter-proliferation - Network and digital media - Credit card fraud investigations analysis - Bank fraud - Narcotics trafficking - Coordination of national - Illegal exports response to significant

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    36 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us