Shows & Panels
- The 2014 Big Picture on Cyber Security
- AFCEA Answers
- Ask the CIO
- Connected Government
- Consolidating Mission-critical Systems
- Constituent Servicing
- The Data Privacy Imperative: Safeguarding Sensitive Data
- Eliminating the Pitfalls: Steps to Virtualization in Government
- Federal Executive Forum
- Federal Tech Talk
- Government Cloud Brokerage: Who, What, When, Where, Why?
- Government Mobility
- The Intersection: Where Technology Meets Transformation
- Maximizing ROI Through Data Center Consolidation
- Mobile Device Management
- The Modern Federal Threat Landscape
- Moving to the Cloud. What's the best approach for me
- Navigating Tough Choices in Government Cloud Computing
- Satellite Communications: Acquiring SATCOM in Tight Times
- Transformative Technology: Desktop Virtualization in Government
- Understanding the Intersection of Customer Service and Security in the Cloud
Shows & Panels
IG: Justice cyber operations slow to report incidents, lacking critical info
Wednesday - 9/28/2011, 2:51pm EDT
Federal News Radio
The Justice Department takes too long to report cyber incidents and does not have cyber incident reports from all of its departments, according to an Office of the Inspector General report.
The Justice Security Operations Center (JSOC), established in 2007, monitors DoJ's IT systems for cyber threats. JSOC coordinates with the Homeland Security Department's U.S. Computer Emergency Readiness Team (US-CERT) to defend against cyber attacks.
JSOC policy "allows more time—potentially up to twice as long—for reporting incidents to US-CERT than US-CERT advises," said Jay Lerner, senior counsel at the DoJ OIG, in a statement.
For example, an incident defined a "Category 1" or unauthorized access must be reported to US-CERT within one hour, the report said.
"Allowing twice the required time to report an incident to US-CERT may potentially increase opportunities for malicious actions within DoJ and add to the overall risk to its IT environment," the report.
The IG also found JSOC did not have a comprehensive picture of potential cyber threats. Six of DoJ's 32 components have not provided all information to JSOC. In particular, the FBI does not report incidents it categorizes as "under investigation."
"[O]ur audit raises concerns about how well JSOC receives necessary incident information from components, components' awareness of JSOC services, and components' commitment to following DoJ's Computer System Incident Response Plan," according report.
DoJ spends about $3 billion annually in cybersecurity, the report said.
The IG made 20 recommendations and DoJ's Justice Management Division agreed to all of them, Lerner said.