Editor’s Note: GAO’s complete testimony (GAO-15-758T) is available here. Below is an excerpt.
From: GAO
Currently, we are reviewing NCPS in response to provisions of the Senate and House reports accompanying the Consolidated Appropriations Act, 2014. The objectives of our review are to determine the extent to which (1) NCPS meets stated objectives, (2) DHS has designed requirements for future stages of the system, and (3) federal agencies have adopted the system.
Our final report is expected to be released later this year, and our preliminary observations include the following:
• DHS appears to have developed and deployed aspects of the intrusion detection and intrusion prevention capabilities, but potential weaknesses may limit their ability to detect and prevent computer intrusions. For example, NCPS detects signature anomalies using only one of three detection methodologies identified by NIST: signature-based, anomaly-based, and stateful protocol analysis. Further, the system has the ability to prevent intrusions, but is currently only able to proactively mitigate threats across a limited subset of network traffic (i.e., Domain Name System traffic and e-mail).
• DHS has identified a set of NCPS capabilities that are planned to be implemented in fiscal year 2016, but it does not appear to have developed formalized requirements for capabilities planned through fiscal year 2018.
• The NCPS intrusion detection capability appears to have been implemented at 23 CFO Act agencies. The intrusion prevention capability appears to have limited deployment at portions of only 5 of these agencies. Deployment may have been hampered by various implementation and policy challenges.