Mar 08

Homeland Security’s IT security continues to fall short

From: CSO

By CSO

Another year, another audit, another set of failings when it comes to the Department of Homeland Security’s IT systems.

The Office of Inspector General (OIG) has released its “Evaluation of DHS’ Information Security Program for Fiscal Year 2017” (pdf). In short, the Department of Homeland Security (DHS) is running outdated software, has unpatched critical vulnerabilities — including the flaw that allows WannaCry ransomware — and some workstation security patches haven’t been deployed for years.

***

NIST’s Detect function means “developing and implementing the appropriate activities to identify the occurrence of a cybersecurity event.” However, the OIG found that DHS fell short of Level 4 because it had not maintained software licenses for unclassified systems and had relied on “data calls to monitor national security systems as part of its continuous monitoring process to detect potential incidents.”
