National cybersecurity plans lack performance measures and estimated costs, GAO says

In response to the watchdog’s report, the Office of the National Cyber Director said that performance measures don’t really exist in the cybersecurity field.

Growing pains at the Bureau of Cyberspace and Digital Policy, report finds

The GAO found that the State Department is addressing challenges at the new bureau tied to role definitions and hiring.

GAO criticizes rollout of two key Trump administration cyber initiatives

In September 2018, the White House announced a new federal cybersecurity strategy to make critical infrastructure more resilient to hacking, shore up supply chains and “identify, counter, disrupt, degrade and deter behavior in cyberspace.” The ambitious document, which the White House described as the United States’ “first fully articulated cyber strategy” in 15 years, aimed to reduce the occurrence of damaging cyberattacks on U.S. interests. Two years later, a review of the strategy by the Government Accountability Office, a nonpartisan congressional agency, has found key gaps in the way the White House is trying to execute that plan. In the face of persistent cyber-threats from foreign powers, the Trump administration’s effort to mobilize resources to fix important U.S. security weaknesses risks coming up short without a better plan to execute the strategy, GAO said in a report published Tuesday. The National Security Council’s implementation plan for the strategy does not include […]

Lawmakers ask DHS to take action on pipeline cybersecurity

The top Democrats on the House and Senate energy committees have urged the Department of Homeland Security to assess cyber and physical protections for natural gas and oil pipelines following an audit that criticized the department’s approach to the issue. “The results of this assessment will help policymakers evaluate the security of our nation’s energy assets,” Sen. Maria Cantwell, D-Wash., and Rep. Frank Pallone, Jr., D-N.J., wrote to Homeland Security Secretary Kirstjen Nielsen on Wednesday. Operators of the nation’s 2.7 million miles of pipelines for oil, natural gas, and other hazardous liquids have grappled with cybersecurity risk as their infrastructure becomes more digitized. Those pipelines are a natural target for nation-state hackers, a Federal Energy Regulatory Commission official said in August, according to E&E News. Cantwell and Pallone, Jr., said much more needs to be done to counter the threat. They were reacting to a Government Accountability Office audit that found […]

As threats increase, audit finds federal agencies struggle to implement cyber plans

A majority of federal civilian agencies examined by a government watchdog are struggling to implement cybersecurity programs capable of adapting to a changing threat landscape. “Until agencies more effectively implement the government’s approach and strategy, federal systems will remain at risk,” the Government Accountability Office warned in a report Tuesday that assessed security implementation at the departments of Homeland Security, Justice, Energy and others. Seventeen of 23 inspectors general said their agencies’ cybersecurity programs were not being effectively put into place, and that they had “significant information security deficiencies” in financial reporting controls, the GAO said. The audit is a reminder that, despite years of attention and billions of dollars spent, there is often a discrepancy between objectives and results in the cybersecurity of federal agencies. Agencies were considered to have an “effective” cybersecurity program if they had, at a minimum, “quantitative and qualitative measures on the effectiveness of policies, procedures, and strategy” across […]

Pentagon Expands Bug-Bounty Program to Include Physical Systems

The news comes shortly after the DoD was called out for having rampant bugs in its weapons systems.

GAO report shows how easy it is to hack DOD weapons systems

In cybersecurity probes of Department of Defense weapons systems in recent years, penetration testers were able to wrest control of systems with relative ease and generally operate undetected, according to a Government Accountability Office report. “We found that from 2012 to 2017, DOD testers routinely found mission-critical cyber vulnerabilities in nearly all weapon systems that were under development,” the report states. In one test, a two-person team gained initial access to a system in an hour, then gained full control of the system in a day, the watchdog said. In another, the pen-testers seized control of the operators’ terminals, could see what the operators saw on their screens, and “could manipulate the system,” GAO found. Many of the testers said they could change or delete data. In one case they downloaded 100 gigabytes of it. The scathing report chalks up the insecurities in the Pentagon’s weapon systems to defense officials’ “nascent […]

GAO dings DHS for failing to share info on cybersecurity workforce efforts

Among the many things the Department of Homeland Security is required to report on from time to time is its cybersecurity workforce challenges. Yet, according to the Government Accountability Office, it has failed to do so in a timely manner. GAO says DHS did not complete efforts to identify and assign codes to all its cybersecurity positions. In August 2017, DHS reported to Congress that it had coded 95 percent of the department’s cybersecurity positions, but in fact, it was discovered that the department only coded 79 percent of the cybersecurity positions, the report states. GAO is not denying that DHS has taken some steps to identify the gaps, but in a new report, the office is calling out DHS for falling short on reporting these cybersecurity efforts regularly. These specialized codes help define roles and tasks for specific cybersecurity areas. The codes have not been fully assigned since September […]

GAO: Pentagon hasn’t met conditions for separating NSA and Cyber Command

The Department of Defense has not finally decided whether to separate the leadership of the National Security Agency and U.S. Cyber Command and has not begun to meet the congressionally mandated conditions for doing so, the Government Accountability Office said in a report Tuesday. A provision in last year’s National Defense Authorization Act required the Secretary of Defense and the chairman of the Joint Chiefs of Staff to jointly certify that ending the so-called dual-hat arrangement — under which the same four-star general is both NSA director and in charge of U.S. Cyber Command — will not pose risks to the command’s military effectiveness. “As of April 2017, DOD’s senior leaders had not decided whether the dual-hat leadership should be ended,” states the GAO report, adding that the department’s leaders were “reviewing the steps and funding necessary to meet the statutory requirements of Section 1642” but had not yet begun to do so. The NDAA […]

After 2015 breach, OPM overpaid for identity theft protections, report finds

The Office of Personnel Management appears to be overpaying for an identity theft insurance program it rolled out to protect more than 20 million current and former U.S. government employees whose personal information was exposed in the agency’s massive 2015 data breach, a government watchdog said. A newly released report by the Government Accountability Office notes that OPM is providing coverage at a level that is “likely unnecessary” because “claims paid rarely exceed a few thousand dollars.” Exacerbating costs further is also the fact that the government know how many affected individuals might have signed up for two different government identity theft monitoring programs that essentially offer the same thing. Shortly after the breach was first publicly acknowledged, OPM contracted two firms, Winvale Group and ID Experts, to protect government employees that had their personal information exposed in the personnel records breach and separate breach of background investigation data. “OPM has estimated […]
