The U.S. department charged with protecting government computers needs to secure its own information systems better, according to an audit released on Tuesday that showed lapses in internal systems used by the Secret Service and Immigration and Customs Enforcement.

The Department of Homeland Security also needs to establish a cyber training program for analysts and investigators, the audit said, with officials from several agencies blaming short-term budget allocations from Congress for their training cuts.

The audit identified deficiencies in ICE and Secret Service internal websites that “may result in loss, misuse, modification and unauthorized access to the department’s information systems and data.”

The websites are used by ICE and Secret Service agents to report investigation statistics, case tracking and information sharing, according to the report by the Office of the Inspector General for DHS.

The audit said the 240,000-employee department has made progress in strengthening cyber coordination between agencies and made nine recommendations, which DHS accepted and said it was working to address.

The recommendations come as federal government’s cyber security practices are under intense public scrutiny following recent breaches at the Office of Personnel Management, White House, State Department and other agencies.

The report focused on ICE, Secret Service and the National Protection and Programs Directorate, which is charged with protecting government computers and the nation’s critical infrastructure from cyber attack. Responsibilities of ICE and the Secret Service include money laundering, financial and commercial fraud, bank and credit card fraud and identity theft.

Officials from ICE, NPPD and the Secret Service told investigators the agencies’ ability to conduct proper training programs has been hampered by the stop-gap funding bills Congress has been passing because of its inability to approve yearlong spending in a timely way.

One ICE analyst told investigators he had not attended any formal training in four years, partly because of federal budget cuts known as sequestration, and invested his own time and money for cyber training.

“Without developing the department-wide training program, component personnel may not possess the skills necessary to perform their assigned incident response duties or investigative responsibilities in the event of a cyber attack,” the report said.

The inspector general also said the department needs to develop a strategic plan to coordinate cyber activities and would benefit from automated capability for near real-time incident information sharing.

(Reporting by Doina Chiacu; Editing by Cynthia Osterman)

This entry passed through the Full-Text RSS service – if this is your content and you’re reading it on someone else’s site, please read the FAQ at fivefilters.org/content-only/faq.php#publishers.

Related Posts

Facebook Comments

Return to Top ▲Return to Top ▲