DHS IG: US-CERT lacks leadership, which hurts cybersecurity

Friday - 6/18/2010, 7:47pm EDT

From "Support snowballs early for Senate cyber bill" by Max Cacas on FederalNewsRadio.com:

"The House Homeland Security panel received the report of Richard Skinner, the Inspector General of the Department of Homeland Security, on continuing shortcomings at US-CERT -- DHS's Computer Emergency Readiness Team. Among his findings, Skinner notes that:

'Over the last five years, US-CERT has had five directors. In our opinion, that is impeding our ability to move forward. Without the leadership to implement strategic plans, and guide our day to day operations, it's going to slow us down.'

"Skinner also noted deficiencies in the way US-CERT shares information on cybersecurity with clients and partners at other federal agencies in real-time. The IG listed a number of recommendations to improve agency performance.

"Even as they contemplate the possibility of beefing up DHS's roles and responsibilities in the realm of cybersecurity, members of the House panel still found themselves struggling to envision the scope of the problem.

"Responding to a question from Homeland Security Committee Chairman Thompson, Greg Schaffer, assistant DHS secretary for Cybersecurity and Communications, and the man who runs US-CERT, admitted he could not provide an adequate estimate of how many hacker attacks took place against the nation's computer networks on a daily or monthly basis.

"Minutes later, Thompson asked Schaffer again to estimate hacker activity, this time as detected by US-CERT's Einstein intrusion detection system.

'Einstein 2 is showing us 278,000 indications of potential malicious activity at the perimeter of our networks on a monthly basis based on the deployments that we have. That doesn't mean the attacks were successful, it simply means there were indications of malicious activity 278,000 times on the average month.'

"Despite repeated questioning, none of the members of the House Homeland Security Committee were able to get a more firm and reliable estimate of hacker activity, despite improvements to cybersecurity detection systems."


Click to watch the first panel:


Click to watch the second panel: