02:20 PM
Connect Directly

DHS Systems More Secure, Inspector General Finds

Report indicates progress has been made certifying and accrediting the Department of Homeland Security's intelligence systems.

The Department of Homeland Security has significantly improved the cybersecurity of its top secret intelligence computer systems in the last two years, according to the recently released summary of an Inspector General report issued earlier this year.

"Information security procedures have been documented and controls have been implemented, providing an effective level of security for the department’s intelligence systems," the Office of the Inspector General said in its report.

Last year's report noted that DHS had not established a formal training program for employees who have responsibilities for DHS intelligence systems. This year's review notes that the DHS has created the Sensitive Compartmented Information Systems Information Assurance Handbook, "which provides department intelligence personnel with security procedures and requirements to administer its intelligence systems and the information processed."

A 2008 review noted progress on earlier cybersecurity goals, including creating and updating an inventory of Top Secret and sensitive information systems and certifying and accrediting those systems in accordance with intelligence directives. The 2009 report found continued certification and accreditation.

Overall, the report found that the Department of Homeland Security had acted on 10 of the inspector general's 14 recommendations from a 2007 report. The results of annual reviews of these systems have appeared only in heavily redacted summaries, which offered no concrete details between 2005 and 2007, so it's unclear exactly what those recommendations were.

Despite improvements in security controls, the Inspector General still found some gaps.

According to the report, the DHS has provided the IG with plans to implement -- but has note yet implemented -- numerous cybersecurity strategies related to an overall plan of action, disaster recovery, and more formal training.

InformationWeek has published an in-depth report on leading-edge government IT -- and how the technology involved may end up inside your business. Download the report here (registration required).

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Current Issue
Five Emerging Security Threats - And What You Can Learn From Them
At Black Hat USA, researchers unveiled some nasty vulnerabilities. Is your organization ready?
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
According to industry estimates, about a million new IT security jobs will be created in the next two years but there aren't enough skilled professionals to fill them. On top of that, there isn't necessarily a clear path to a career in security. Dark Reading Executive Editor Kelly Jackson Higgins hosts guests Carson Sweet, co-founder and CTO of CloudPassage, which published a shocking study of the security gap in top US undergrad computer science programs, and Rodney Petersen, head of NIST's new National Initiative for Cybersecurity Education.