The inspector general’s audit comes at a time of total flux for DHS. DHS cybersecurity criticized

The Department of Homeland Security has struggled to respond to cybersecurity threats and disseminate information about them because of lingering technical, funding and staffing woes, according to the agency’s inspector general.

As hackers increasingly take aim at U.S. banks and other top targets, DHS still lacks some tools to track the attacks, desperately needs additional analysts to interpret and share its information in real time and lags in its efforts to train its existing cybersecurity workforce, the watchdog found in a report released Monday.


The inspector general’s audit — conducted between January and May — comes at a time of total flux for DHS, which currently lacks a leader. President Barack Obama has nominated Jeh Johnson for the post; he’s yet to have a confirmation hearing.

In the meantime, though, DHS is center stage in the Obama administration’s ongoing campaign to raise the country’s digital defenses. An executive order signed by the president in February tasks the agency with standing up a new system to share threat data with industry while encouraging those businesses to improve their cybersecurity practices. That itself represents a daunting undertaking — and it’s one DHS faces as it also confronts lingering structural issues in its existing cybersecurity programs.

As it’s currently organized, the agency’s National Protection and Programs Directorate houses its cybersecurity work. A key component to that setup is the National Cybersecurity and Communications Integration Center, known as the NCCIC. The center serves as a 24/7 hub that works with other elements of the federal government as well as state and business leaders on cybersecurity.

The NCCIC is relatively new, and it has worked hard to establish partnerships with federal and state agencies while issuing bulletins on cyberthreats as they emerge, according to the inspector general’s report, which was completed in late October. But the audit also revealed the center and other DHS branches still face “challenges in sharing cyber threat information with other federal cyber operations centers.”

For one, NCCIC and federal cyber operations centers lack a single, common management system that “tracks, shares and coordinates cyber information with each other,” the report found. It’s not to say there aren’t any tools at DHS for tracking cybersecurity incidents, the inspector general noted or that the agency’s leaders aren’t communicating with each other. Rather, DHS has many security bulletins and cyber incident details living in disparate databases, which aren’t “seamlessly” connected and coordinated.

“[N]o single entity combines all information available from these centers and other sources to provide a continuously updated, comprehensive picture of cyberthreat and network status to provide indications and warning of imminent incidents, and to support a coordinated incident response,” the inspector general reported.

For its part, DHS indicated in its September reply to the IG that it was working on a fix and would deploy new tools to share cybersecurity threat data beginning in the 2014 fiscal year. And an agency spokesman told POLITICO it’s already making strides to fix all the areas its inspector general had highlighted — including “establishing common cyber tools.”

“The Department of Homeland Security actively collaborates and shares information with public- and private-sector partners every day to respond to and coordinate mitigation in the face of attempted disruptions to the nation’s critical cyber and communications networks and to reduce adverse impacts on critical network systems,” the aide said.

Perhaps exacerbating those internal technical troubles are the serious staffing woes at the agency, the report further found. An agency in the DHS umbrella that provides operational support and cyberthreat analysis “can currently provide coverage only for 14 hours per day for 5 days per week,” according to the inspector general, leaving “a weekly total of 98 hours” that it’s “not providing coverage support.”

And there’s a similar staffing shortage at the Industrial Control Systems Cyber Emergency Response Team, a DHS entity. “ICS-CERT does not currently have the required personnel to assist in the continuous operations” at its current levels, according to the study. In part, the inspector general and DHS agreed that funding shortages contributed to some of the staffing troubles.

For those already hired, the IG expressed concerns that existing training resources are insufficient. The NCCIC “does not have sufficient resources to provide specialized training to incident responders,” the report documented, noting that a review of the center’s records between 2009 and 2013 revealed only 10 analysts of 22 analysts had “technical training.” The IG points to sequestration, however, as one driving factor behind the delay — and DHS said it would further “expand” its training once more money is available.