Shows & Panels
- Accelerate and Streamline for Better Customer Service
- Ask the CIO
- The Big Data Dilemma
- Carrying On with Continuity of Operations
- Client Virtualization Solutions
- Data Protection in a Virtual World
- Expert Voices
- Federal Executive Forum
- Federal IT Challenge
- Federal Tech Talk
- Feds in the Cloud
- Health IT: A Policy Change Agent
- Improving Healthcare Outcomes through IT Policy
- IT Innovation in the New Era of Government
- Making Dollars And Sense Out of Data Center Consolidation
- Navigating the Private Cloud
- One Step to the Cloud, Two Steps Toward Innovation
- Path to FDCCI Compliance
- Take Command of Your Mobility Initiative
Shows & Panels
IG: Justice cyber operations slow to report incidents, lacking critical info
Wednesday - 9/28/2011, 2:51pm EDT
Federal News Radio
The Justice Department takes too long to report cyber incidents and does not have cyber incident reports from all of its departments, according to an Office of the Inspector General report.
The Justice Security Operations Center (JSOC), established in 2007, monitors DoJ's IT systems for cyber threats. JSOC coordinates with the Homeland Security Department's U.S. Computer Emergency Readiness Team (US-CERT) to defend against cyber attacks.
JSOC policy "allows more time—potentially up to twice as long—for reporting incidents to US-CERT than US-CERT advises," said Jay Lerner, senior counsel at the DoJ OIG, in a statement.
For example, an incident defined a "Category 1" or unauthorized access must be reported to US-CERT within one hour, the report said.
"Allowing twice the required time to report an incident to US-CERT may potentially increase opportunities for malicious actions within DoJ and add to the overall risk to its IT environment," the report.
The IG also found JSOC did not have a comprehensive picture of potential cyber threats. Six of DoJ's 32 components have not provided all information to JSOC. In particular, the FBI does not report incidents it categorizes as "under investigation."
"[O]ur audit raises concerns about how well JSOC receives necessary incident information from components, components' awareness of JSOC services, and components' commitment to following DoJ's Computer System Incident Response Plan," according report.
DoJ spends about $3 billion annually in cybersecurity, the report said.
The IG made 20 recommendations and DoJ's Justice Management Division agreed to all of them, Lerner said.