Editor’s Note: The following is from GAO’s Testimony before the Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies, Committee on Homeland Security, House of Representatives. The complete Testimony may be found here. The following is an excerpt.
From: GAO
Statement of Gregory C. Wilshusen, Director, Information Security Issues
Our final report is expected to be released later this year, and our preliminary observations include the following:
• DHS appears to have developed and deployed aspects of the intrusion detection and intrusion prevention capabilities, but potential weaknesses may limit their ability to detect and prevent computer intrusions. For example, NCPS detects signature anomalies using only one of three detection methodologies identified by NIST (signature-based, anomaly-based, and stateful protocol analysis). Further, the system has the ability to prevent intrusions, but is currently only able to proactively mitigate threats across a limited subset of network traffic (i.e., Domain Name System traffic and e-mail).
• DHS has identified a set of NCPS capabilities that are planned to be implemented in fiscal year 2016, but it does not appear to have developed formalized requirements for capabilities planned through fiscal year 2018.
• The NCPS intrusion detection capability appears to have been implemented at 23 CFO Act agencies. The intrusion prevention capability appears to have limited deployment, at portions of only 5 of these agencies. Deployment may have been hampered by various implementation and policy challenges.