[ISN] The unreadiness team

From: InfoSec News <alerts_at_private>
Date: Mon, 21 Jun 2010 00:20:41 -0500 (CDT)
http://www.washingtonpost.com/wp-dyn/content/article/2010/06/19/AR2010061902645.html

The Washington Post
June 20, 2010 

THE REPORT is chilling. Optimistically titled "U.S. Computer Emergency 
Readiness Team Makes Progress in Securing Cyberspace, but Challenges 
Remain," it paints a disturbing picture of a national security disaster 
waiting to happen. The U.S. Computer Emergency Readiness Team, or CERT, 
established in 2003 to coordinate national cyber-defense efforts, is an 
arm of the Department of Homeland Security (DHS) tasked with "analyzing 
and reducing cyber threats and vulnerabilities, disseminating cyber 
threat warning information, and coordinating cyber incident response 
activities." But this vast responsibility has come with little and 
confusing authority.

The report released last week by the DHS inspector general reveals an 
institution that is floundering. CERT is understaffed, with no capacity 
to do anything other than process data for anomalies and react to 
breaches after the fact with fixes it has no authority to enforce. Among 
the report's findings: Of the 98 positions authorized for the emergency 
readiness team, only 45 are filled, forcing it to rely on outside 
contractors to perform even basic functions such as updating operating 
procedures.

After seven years, CERT still lacks a strategic plan, goals or any 
performance measures to assess its progress. Making its role as the 
nation's ostensible first line of cyber defense still more difficult is 
the fact that it has no authority to ensure that any of its safety 
recommendations are implemented, even by the other federal agencies it 
is charged with protecting. Many partner agencies reported not receiving 
any instructions for CERT's primary monitoring software, making it 
difficult for them to access information about threats. 

[...]


Received on Sun Jun 20 2010 - 22:20:41 PDT
