The Department of Homeland Security (DHS) must continue to foster initiatives to improve federal cybersecurity measures, such as utilizing the National Cybersecurity Protection System (NCPS), according to the Government Accountability Office (GAO).
GAO maintained in a recent report that DHS “plays a key role in strengthening the cybersecurity posture of the federal government.” Cybersecurity attacks are becoming more sophisticated, which is why federal agencies must also evolve their security measures.
“Computer networks and systems used by federal agencies are often riddled with security vulnerabilities—both known and unknown,” GAO explained in its report. “These systems are often interconnected with other internal and external systems and networks, including the Internet, thereby increasing the number of avenues of attack and expanding their attack surface.”
However, there have been several areas where agencies have faced cybersecurity challenges, GAO noted.
First, agencies have had difficulties in enhancing their capabilities to effectively identify cyber threats to agency systems and information.
“A key activity for assessing cybersecurity risk and selecting appropriate mitigating controls is the identification of cyber threats to computer networks, systems, and information,” the report’s authors stated. “The impairments included an inability to recruit and retain personnel with the appropriate skills, rapidly changing threats, continuous changes in technology, and a lack of government-wide information sharing mechanisms.”
When these impairments are addressed, federal agencies will be better able to identify system threats and implement necessary countermeasures, GAO explained.
Additionally, agencies have struggled with implementing sustainable processes for securely configuring operating systems, applications, workstations, servers, and network devices.
“Agencies were not always aware of the insecure settings that introduced risk to the computing environment,” the report stated. “We believe that establishing strong configuration standards and implementing sustainable processes for monitoring and enabling configuration settings will strengthen the security posture of federal agencies.”
GAO also noted that federal agencies have had trouble patching vulnerable systems and replacing unsupported software. However, vendor-supported and patched software will reduce the risk of known software vulnerabilities being exploited.
Finally, agencies have also had difficulty developing “comprehensive security test and evaluation procedures and conducting examinations on a regular and recurring basis.”
“Federal agencies we have reviewed often do not test or evaluate their information security controls in a comprehensive manner,” GAO maintained. “The agency evaluations we reviewed were sometimes based on interviews and document reviews (rather than in depth security evaluations), were limited in scope, and did not identify many of the security vulnerabilities that our examinations identified.”
However, in-depth security evaluations that examine the effectiveness of security processes and technical controls will help identify potential vulnerabilities, according to GAO.
One specific area that DHS should continue to work on is the NCPS, which provides the capability to detect and prevent potentially malicious network traffic from entering agency networks. While NCPS has the potential to help federal agencies, GAO noted that it previously made recommendations for NCPS improvement in January 2016.
“To enhance the functionality of NCPS, we made six recommendations to DHS, which if implemented, could help the agency to expand the capability of NCPS to detect cyber intrusions, notify customers of potential incidents, and track the quality, efficiency, and accuracy of supporting actions related to detecting and preventing intrusions, providing analytic services, and sharing cyber-related information,” GAO explained, adding that DHS concurred with the recommendations at the time.
In February 2017, GAO followed up on the recommendations and said that progress had been made.
GAO also highlighted the DHS continuous diagnostics and mitigation (CDM) program. Citing previous investigations, GAO maintained that CDM “can assist agencies in resolving cybersecurity vulnerabilities that expose their information systems and information to evolving and pernicious threats.”
“These tools include sensors that perform automated scans or searches for known cyber vulnerabilities, the results of which can feed into a dashboard that alerts network managers and enables the agency to allocate resources based on the risk,” the report explained. “DHS, in partnership with and through the General Services Administration, established a government-wide acquisition vehicle for acquiring continuous diagnostics and mitigation capabilities and tools.”
Overall, DHS is working on numerous cybersecurity programs that can help federal agencies create strong defenses against cyber attacks.
“Enhancing NCPS’s capabilities and greater adoption by agencies will help DHS achieve the full benefit of the system,” GAO concluded. “Effective implementation of CDM functionality by federal agencies could better position them to protect their information technology resources from evolving and pernicious threats.”