The Department of Homeland Security offers cybersecurity services to states and other Federal agencies. However, the agency’s cyber systems are not exercising their full potential, the Government Accountability Office found.
In a report published March 28, GAO revealed that DHS’s National Cybersecurity Protection System faces limitations in its detection and analysis tools. NCPS offers a detection service that can prevent potentially malicious network traffic from entering an agency’s network. However, GAO reports that NCPS did not evaluate a certain type of network traffic, meaning potentially malicious content, had it appeared, would have gone undetected.
NCPS also did not examine traffic for common vulnerabilities, which cyberattackers could exploit, the report states. Federal agencies have adopted the system to varying degrees.
“GAO noted that expanding NCPS’s capabilities, such as those for detecting and preventing malicious traffic and developing network routing guidance, could increase assurance of the system’s effectiveness in detecting and preventing computer intrusions and support wider adoption by agencies,” GAO’s report states.
NCPS is not DHS’s only cybersecurity service that could see more widespread Federal use, GAO found. Only two agencies have completely installed agency-level dashboards for the Continuous Diagnostics and Mitigation program. The CDM program allows DHS to evaluate the infrastructures of other agencies and gives the agencies tools and contract support. The purpose of this program is to improve agencies’ network monitoring and analysis practices.
By May 2016, GAO reported that 14 of the 17 agencies covered by the Chief Financial Officers Act were in the early stages of CDM installation. These agencies have deployed products to automate hardware and software asset inventories, configure settings, and conduct vulnerability management checks. However, only two of these 14 agencies have completely put CDM services into place.
“The effective implementation of the CDM program can assist agencies in resolving cybersecurity vulnerabilities that expose their information systems and information to evolving and pernicious threats,” the report states.
GAO reported that most agencies that use DHS’s cybersecurity tools found the services useful. In addition to using these cyber programs, the report reveals that some agencies also distribute monthly operational bulletins, conduct CyberStat reviews, and lead cyber exercises.
GAO made nine recommendations relating to the expansion of NCPS’s capabilities and an increase in information sharing. DHS concurred with all recommendations.