Submitting OIG:
Report Description:
We determined that the Department has addressed the requirements of the Cybersecurity Act of 2015. However, the Department faces challenges effectively sharing cyber threat information across Federal and private sector entities. For example, the system DHS uses does not provide the contextual data needed to effectively defend against threats. DHS lacks a cross-domain information processing solution and automated tools to analyze and share threat information timely. DHS needs to enhance its outreach program to increase participation and improve coordination of information sharing across its partners. Further, our security testing identified configuration and patch management deficiencies related to the systems DHS uses to process and share threat information. We made five recommendations to the National Protection Programs Directorate (NPPD) to enhance the overall effectiveness of DHS’ information sharing program, including acquiring technologies needed for cross-domain sharing and automated analysis of cyber threat data, enhancing outreach to promote sharing, and implementing required security controls on selected information systems. The component concurred with all five recommendations.
Date Issued:
Wednesday, November 1, 2017
Agency Reviewed / Investigated:
Submitting OIG-Specific Report Number:
OIG-18-10
Component, if applicable:
National Protection and Programs Directorate (NPPD)
United States Secret Service (USSS)
Location(s):
United States
Type of Report:
Audit
Number of Recommendations:
5
View Document:
Attachment | Size |
---|---|
OIG-18-10-Nov17.pdf | 1.55 MB |
Additional Details Link: