The government agency responsible for defending federal networks from hackers needs to better secure its own internal systems, a government watchdog report released Tuesday concluded.
The Department of Homeland Security (DHS) lags in coordinating and training its cybersecurity staff, potentially exposing networks at the Secret Service and Immigration and Customs Enforcement (ICE), which are agencies within the DHS.
{mosads}“While our audit showed improved coordination between DHS components in carrying out their cybersecurity functions, we have identified duplication of effort and lack of effective policies and controls,” said DHS Inspector General John Roth in a statement.
Officials at these offices told the watchdog that limited staff resulting from short-term budget deals were partly to blame. Congress nearly shut down the DHS in February when lawmakers held up the agency’s funding over President Obama’s recent executive orders on immigration.
“Budgetary constraints caused by recent continuing resolutions have limited their ability to provide their personnel with all the cybersecurity training they need,” the report said.
The DHS has played an increasingly important role in securing government networks as agencies battle a growing deluge of cyberattacks from overseas.
Lawmakers clarified the department’s cyber role with a series of bills passed late last year.
The measures officially authorized the DHS’s cyber hub — the National Cybersecurity and Communications Integration Center (NCCIC) — which collects and analyzes data on cyber threats. A major pending cybersecurity bill would enable the private sector to share more data with the NCCIC.
Another measure would give the DHS more authority to proactively step in an investigate or install cyber defenses at other agencies.
But the inspector general report raises questions about whether the agency has the resources it needs to take on such responsibility.
The report said many cyber analysts at both ICE and the Secret Service were “required to obtain free training.”
Both agencies help investigate financial fraud and identity theft.
One ICE analyst told the inspector general “that he has not attended any formal training in four years, in part because of the sequestration. Additionally, in the past, this analyst invested his own time and money to obtain cyber training.”
The result is a network at risk to hackers. The report said the internal websites that ICE and the Secret Service use to report investigation statistics, track cases and swap information are vulnerable to data breaches.
DHS officials have implemented plans to address all of the watchdog’s recommendations.