The Homeland Security Department has received a mixed report from the inspector general on coordinating cyber operations across government, along with seven recommendations for improvement.
The IG conducted an audit of the National Protection and Programs Directorate. NPPD is primarily responsible for providing crisis management in response to cyber attacks and coordinating the sharing of cyber information.
A recent spike in cyber attacks has led to increased collaboration between the government and private sector, the report said. The Office of Cybersecurity and Communications (CS&C) within NPPD is “responsible for integrating cyber threat information from the five federal cybersecurity centers and collaborating with these centers in responding to cyber security incidents that may pose a threat to the nation.”
The report commended NPPD on some of its actions in coordinating cyber efforts between other federal centers. NPPD has established partnerships and increased communication by participation in regular meetings.
In collaboration with the FBI, it has also issued Joint Indicator Bulletins “to assist private sector partners in preventing cyber attacks and protecting intellectual property, trade secrets and sensitive business information from exploitation and theft.”
Despite these advances, the report said DHS still faces challenges in sharing cyber information across the government. The IG report cited a lack of standardized cyber incident reporting categories and insufficient staffing levels as a few of the challenges.
Because the various federal cyber operations centers do not have a standard set of categories to report cyber incidents, it makes it more difficult to share and coordinate data, the report said.
The Defense Department uses a 10-incident category system, while DHS uses a 7-incident category system. DoD developed a matrix to show the commonalities and differences between the two systems, but “officials believe that further actions are needed.”
CS&C said the guidelines should focus on the effects of a cyber incident, rather than solely what happened. The IG recommended that DHS collaborate with DoD and the National Institute of Standards and Technology to develop a standardized way to report cyber incidents and “ensure seamless information sharing.”
The report also recommended increasing staffing so that analysts are able to respond to cyber attacks that may happen at any time, along with specialized training for the analysts.
Because of sequestration, NPPD suspended all training in March 2013. To meet training requirements, NPPD personnel attended free courses through DHS’ centralized learning management system and local conferences. However, these courses do not “provide incident responders with the specialized training needed to perform their assigned functions,” the report said.
The IG report’s final recommendations were around NPPD’s outdated continuity of operations plan (COOP).
The purpose of COOP is to maintain and restore business operations in the event of an emergency or disaster. The report said the NPPD did not update its COOP to reflect the directorate’s realignment in October 2012. As a result, subcomponents of NPPD must rely on an outdated plan to restore mission-essential function in the event of an emergency.
The report said NPPD concurs with all of the recommendations and will take the necessary measures to implement them.