Shows & Panels
- The 2014 Big Picture on Cyber Security
- AFCEA Answers
- Ask the CIO
- Building the Hybrid Cloud
- Connected Government: How to Build and Procure Network Services for the Future
- Continuing Diagnostics and Mitigation: Discussion of Progress and Next Steps
- Federal Executive Forum
- Federal Tech Talk
- The Intersection: Where Technology Meets Transformation
- Maximizing ROI Through Data Center Consolidation
- Moving to the Cloud. What's the best approach for me
- Navigating Tough Choices in Government Cloud Computing
- The New Generation of Database
- Satellite Communications: Acquiring SATCOM in Tight Times
- Targeting Advanced Threats: Proven Methods from Detection through Remediation
- Transformative Technology: Desktop Virtualization in Government
- The Truth About IT Opex and Software Defined Networking
- Value of Health IT
Shows & Panels
IG: Justice cyber operations slow to report incidents, lacking critical info
Wednesday - 9/28/2011, 2:51pm EDT
Federal News Radio
The Justice Department takes too long to report cyber incidents and does not have cyber incident reports from all of its departments, according to an Office of the Inspector General report.
The Justice Security Operations Center (JSOC), established in 2007, monitors DoJ's IT systems for cyber threats. JSOC coordinates with the Homeland Security Department's U.S. Computer Emergency Readiness Team (US-CERT) to defend against cyber attacks.
JSOC policy "allows more time—potentially up to twice as long—for reporting incidents to US-CERT than US-CERT advises," said Jay Lerner, senior counsel at the DoJ OIG, in a statement.
For example, an incident defined a "Category 1" or unauthorized access must be reported to US-CERT within one hour, the report said.
"Allowing twice the required time to report an incident to US-CERT may potentially increase opportunities for malicious actions within DoJ and add to the overall risk to its IT environment," the report.
The IG also found JSOC did not have a comprehensive picture of potential cyber threats. Six of DoJ's 32 components have not provided all information to JSOC. In particular, the FBI does not report incidents it categorizes as "under investigation."
"[O]ur audit raises concerns about how well JSOC receives necessary incident information from components, components' awareness of JSOC services, and components' commitment to following DoJ's Computer System Incident Response Plan," according report.
DoJ spends about $3 billion annually in cybersecurity, the report said.
The IG made 20 recommendations and DoJ's Justice Management Division agreed to all of them, Lerner said.