Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Information-Security-News
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[ISN] GAO: DHS cybersecurity plans need more work

from [InfoSec News] Network Security [Permanent Link]
Subject: [ISN] GAO: DHS cybersecurity plans need more work
Date: Fri, 27 May 2005 02:27:09 -0500 (CDT) 
http://www.computerworld.com/securitytopics/security/story/0,10801,102049,00.html

By Linda Rosencrance 
MAY 26, 2005
COMPUTERWORLD

The U.S. Department of Homeland Security must do more to protect the
nation's critical information infrastructure, according to a report
released today by the Government Accountability Office [1].

While the agency has begun efforts to fulfill its cybersecurity
duties, "it has not fully addressed any of the 13 [primary]
responsibilities, and much needs to be done," the GAO said.

Those responsibilities include developing a national plan for critical
infrastructure protection that includes cybersecurity; developing
partnerships and coordinating efforts with other federal agencies,
state and local governments and the private sector; improving
public/private sharing of information on cyberattacks, threats and
vulnerabilities; and developing and improving national cyberanalysis
and warning capabilities.

The DHS has already established the U.S. Computer Emergency Readiness
Team (U.S. CERT) as a public/private partnership to make cybersecurity
a coordinated national effort, the GAO said. And it has established
forums designed to build trust and information sharing among federal
officials with information security responsibilities and law
enforcement entities.

But it has not yet developed national cyberthreat and vulnerability
assessments or contingency plans for cybersecurity -- including a plan
for recovering key Internet functions, the GAO said.

The report prompted members of Congress to call on the DHS to get
moving.

"I am troubled that more progress has not been made," Sen. Joseph I.  
Lieberman (D-Conn.) said in a statement [2]. "We have a long road
ahead before the cyberstructure that underpins our nation's critical
infrastructure is secured from pranksters and saboteurs."

Rep. Bennie G. Thompson (D-Miss.), ranking member of the House
Committee on Homeland Security, said in a statement he is concerned
that "the DHS is bogged down by the wrong priorities and is unable to
carry out its responsibility to improve the nation's cybersecurity
infrastructure protections."

Thompson noted that the DHS needs to do more to develop its ability to
analyze computer-based threats, something the GAO urged the department
to complete in 2001. "As long as the department is not our nation's
focal point for cybersecurity, our critical infrastructures remain
largely unprepared or unaware of cybersecurity risks and how to
respond to cyberemergencies," he said. "This is unacceptable, as so
much of our daily lives -- from our banking to our water and
electricity supplies -- rely on a strong cyberinfrastructure."

Rep. Zoe Lofgren (D-Calif.) said that the GAO report only confirms
what Congress has known all along -- that the homeland security agency
has failed to meet its responsibility for critical infrastructure
protection. Lofgren, the ranking member on the House Homeland Security
Subcommittee on Intelligence, Information Sharing, and Terrorism Risk
Assessment, is one of the representatives who requested the report.

"And even worse, this report proves that a national plan to secure our
cybernetworks is virtually nonexistent," said Lofgren in a statement.  
"There is no doubt that these vulnerabilities will continue to hamper
our homeland security efforts if we do not make cybersecurity a major
priority."

According to the GAO, the department faces a number of challenges that
have hindered its efforts to protect the nation's critical information
infrastructure. Those challenges include achieving organizational
stability; gaining organizational authority; overcoming hiring and
contracting issues; increasing awareness about cybersecurity roles and
capabilities; establishing effective partnerships with stakeholders;  
achieving two-way information sharing with those stakeholders; and
demonstrating the value it can provide.

Although the DHS has identified beginning steps to address
cybersecurity challenges, "until it confronts and resolves these
underlying challenges and implements its plans, DHS will have
difficulty achieving significant results," according to the report.

In written comments based on a draft of the GAO report, DHS officials
agreed with the need to prioritize its cybersecurity responsibilities,
but disagreed with the recommendations on how best to solve its
problems. It asked the GAO for more information on the recommendations
and said its strategic plan includes a prioritized list of key
activities that are reviewed and updated on a quarterly basis.

DHS officials could not be reached for comment today.

[1] http://www.gao.gov/new.items/d05434.pdf 
[2] 
http://www.house.gov/apps/list/press/ca16_lofgren/pr_052605_GAO_Critical_Infrastructures.html



_________________________________________
InfoSec News v2.0 - Coming Soon!
http://www.infosecnews.org
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [ISN] GAO: DHS cybersecurity plans need more work, InfoSec News <=
Previous by Date:  [ISN] FBI Investigates Stanford Computer Breach, InfoSec News
Next by Date:  [ISN] Mad as hell, switching to Mac, InfoSec News
Previous by Thread:  [ISN] FBI Investigates Stanford Computer Breach, InfoSec News
Next by Thread:  [ISN] Mad as hell, switching to Mac, InfoSec News
Indexes:  [Date] [Thread] [Top] [All Lists]