
GAO: TIC, Einstein success is dependent on OMB, DHS guidance

Federal agencies have had little success with efforts to implement Trusted Internet Connections and Einstein, two federal cybersecurity programs. If agencies are not able to get the programs on track quickly, they could jeopardize their ability to reduce and secure Internet connections, according to a new Government Accountability Office report.

In July 2009, GAO found that almost all 24 major federal agencies had weaknesses in information security controls. An underlying reason for those weaknesses is that agencies had incomplete information security programs. "Ultimately, TIC and Einstein are intended to work together to build successive layers of defense mechanisms in the federal government's information technology infrastructures," says the report.

According to the audit, TIC and Einstein are not going as planned for several reasons:

  • For TIC, OMB did not consistently communicate the number of access points for which agencies had been approved, and DHS did not always provide timely answers to agency questions about technical capabilities. In addition, because DHS does not conduct direct testing of the capabilities or evaluate all possible locations in its validation reviews, it cannot be assured that all critical capabilities have been implemented.
  • For Einstein, the initiative could fail to fully meet the objective of increasing US-CERT's situational awareness because DHS did not always ensure that key agreements were executed with agencies. DHS could also be challenged in determining whether the initiative is meeting this objective without performance measures that indicate whether the alerts provided to agencies represent actual incidents.

TIC, an initiative launched by the Office of Management and Budget and Department of Homeland Security in 2007, aims to improve security and incident response across the government by reducing and consolidating external network connections and centrally monitoring network traffic for malicious activity. Agencies are required to use one of four service options under TIC: a single-service model, used by 12 agencies; a multi-service model, used by one agency; a hybrid approach, used by three agencies; and seeking services from another access provider, the option seven agencies are pursuing.

Einstein, called Einstein 2 in its current version, "monitors for specific predefined signatures of known malicious activity at federal agency Internet connections and alerts US-CERT when specific malicious network activity matching the predetermined signatures is detected," according to the report. DHS is currently piloting Einstein 3, which will automatically detect and respond appropriately to cyber threats before harm is done.

For more:
- read the GAO report (.pdf)
