Feeds

Watchdog: US Computer Emergency Readiness Team isn't ready

Nation not secure

Next gen security for virtualised datacentres

A government watchdog agency has taken the US Department of Homeland Security to task for failing to adequately protect the nation's critical computer networks in a report that singles out the US Computer Emergency Readiness Team.

In a hearing on Capitol Hill Tuesday, a member of the Government Accountability Office said US-CERT should do a better job of monitoring network activity "for anomalies to determine whether they are threats, warning appropriate officials with timely and actionable threat and mitigation information, and responding to the threat," according to Nextgov. He also criticized US-CERT for weaknesses identified during a 2006 cybersecurity drill.

A draft report issued by the GAO, and reported here by BusinessWeek, is considerably harsher. It claims US-CERT "lacks a comprehensive baseline understanding of the nation's critical information infrastructure operations, does not monitor all critical infrastructure information systems, does not consistently provide actionable and timely warnings, and lacks the capacity to assist in mitigation and recovery in the event of multiple, simultaneous incidents of national significance."

It also says US-CERT "still does not exhibit aspects of the attributes essential to having a truly national capability."

DHS officials defend their capabilities but also say they are the first to admit they need to do more to safeguard the nation's infrastructure. "We are undertaking something not unlike the Manhattan Project," a DHS representative told BusinessWeek. "We have set a strong cyber strategy, recently created the National Cyber Security Center, and are in the process of aggressively hiring several hundred analysts to further our mission of security critical infrastructure."

Among the planned enhancements is a system known as Einstein, which collects, correlates, analyzes and shares computer security information with US-CERT members.

US-CERT was established in 2003 and shoulders primary responsibility for protecting private and government-run computer networks in the US. It is partnership between the DHS and the public and private sectors. ®

The essential guide to IT transformation

More from The Register

next story
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
Chinese hackers spied on investigators of Flight MH370 - report
Classified data on flight's disappearance pinched
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Researchers camouflage haxxor traps with fake application traffic
Honeypots sweetened to resemble actual workloads, complete with 'secure' logins
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
prev story

Whitepapers

Best practices for enterprise data
Discussing how technology providers have innovated in order to solve new challenges, creating a new framework for enterprise data.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Advanced data protection for your virtualized environments
Find a natural fit for optimizing protection for the often resource-constrained data protection process found in virtual environments.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?