Shows & Panels
- AFCEA Answers
- Ask the CIO
- The Big Data Dilemma
- Carrying On with Continuity of Operations
- Connected Government
- Constituent Servicing
- Continuous Monitoring: Tools and Techniques for Trustworthy Government IT
- The Cyber Imperative
- Cyber Solutions for 2013 and Beyond
- Expert Voices
- Federal Executive Forum
- Federal IT Challenge
- Federal Tech Talk
- Mission-critical Apps in the Cloud
- The Path from Legacy Systems
- The Real Deal on Digital Government
- The Reality of Continuous Monitoring... Is Your Agency Secure?
- Veterans in Private Sector: Making the Transition
Shows & Panels
IG: Justice cyber operations slow to report incidents, lacking critical info
Wednesday - 9/28/2011, 2:51pm EDT
Federal News Radio
The Justice Department takes too long to report cyber incidents and does not have cyber incident reports from all of its departments, according to an Office of the Inspector General report.
The Justice Security Operations Center (JSOC), established in 2007, monitors DoJ's IT systems for cyber threats. JSOC coordinates with the Homeland Security Department's U.S. Computer Emergency Readiness Team (US-CERT) to defend against cyber attacks.
JSOC policy "allows more time—potentially up to twice as long—for reporting incidents to US-CERT than US-CERT advises," said Jay Lerner, senior counsel at the DoJ OIG, in a statement.
For example, an incident defined a "Category 1" or unauthorized access must be reported to US-CERT within one hour, the report said.
"Allowing twice the required time to report an incident to US-CERT may potentially increase opportunities for malicious actions within DoJ and add to the overall risk to its IT environment," the report.
The IG also found JSOC did not have a comprehensive picture of potential cyber threats. Six of DoJ's 32 components have not provided all information to JSOC. In particular, the FBI does not report incidents it categorizes as "under investigation."
"[O]ur audit raises concerns about how well JSOC receives necessary incident information from components, components' awareness of JSOC services, and components' commitment to following DoJ's Computer System Incident Response Plan," according report.
DoJ spends about $3 billion annually in cybersecurity, the report said.
The IG made 20 recommendations and DoJ's Justice Management Division agreed to all of them, Lerner said.