Report: US lacks staff, power to protect networks
June 17, 2010 The U.S. Computer Emergency Readiness Team must share
information about threats and trends more quickly and in greater
detail with other federal departments so they can better protect
themselves, the audit said.
Issued Wednesday by the Homeland Security Department's inspector
general, the report lays out criticism that long has been aired by
U.S. officials and outside experts who say the government's
computer systems are vulnerable to attacks, are persistently
probed, and lack the needed management and security standards.
And it highlights many of the problems Congress is trying to
address in a number of bills aimed at creating a more effective
government structure to improve and enforce security standards.
Cyber security has become a top priority for the government,
bolstered by President Barack Obama's declaration last year that it
is "one of the most serious economic and national security
challenges we face." Officials say U.S. networks are scanned and
probed millions of times a day, and in some cases breached by
hackers, cyber criminals and other nations.
The 35-page report said the Computer Emergency Readiness Team,
which is a part of DHS, has made progress helping federal agencies
protect against computer-based threats, including the creation of a
cyber center. But it said the team does not have the enforcement
authority it needs to get other federal agencies to take the steps
required to secure their systems.
In a detailed response to the report, DHS Undersecretary Rand
Beers noted that the inspector general did not make a
recommendation on how the agency could gain more enforcement
authority. But he said the agency agrees that giving DHS more
formal authority would be helpful.
Members of Congress currently are tussling over legislation that
would give Homeland Security greater power to draft and enforce
standards, and require federal agencies to more quickly address
gaps in their computer systems. Other lawmakers say that authority
should reside in the White House and with the National Institute of
Standards and Technology.
Sen. Susan Collins, R-Maine, who along with Sen. Joe Lieberman,
I-Conn., has legislation to increase the DHS' power, said the
agency needs "precise authorities with real teeth." That effort
got a boost Wednesday as key House members said they would
introduce a similar bill.
The report also said the Computer Emergency Readiness Team has
been plagued with staff shortages and leadership turnover,
hindering its ability to retain qualified staff. And due to the
security clearance process, it can take nine months to 12 months
for a new hire to begin work.
DHS is in the middle of a major boost in staffing. In early
2009, the readiness team had 16 employees, but the number jumped to
31 by October, and is now at 55, with another 25 workers in the
hiring process.
The report notes that officials from other federal agencies have
complained that the readiness team doesn't quickly share data on
cyber threats or incidents. DHS officials responded that much of
the data is from intelligence agencies and is classified at various
levels, making it difficult to coordinate and share.