OIG report
DHS Inspector General: CISA Needs to Address Issues Preventing Prompt Cyber Response
The Department of Homeland Security’s Office of the Inspector General said the Cybersecurity and Infrastructure Security Agency has yet to address lapses that prevented it to respond to the SolarWinds hack.
According to the OIG’s report, CISA does not have backup communications systems, employees and other resources to respond to SolarWinds-like threats. The OIG also noted that while the CISA improved its risk detection and mitigation capabilities, more work has to be done to protect federal networks.
The OIG is urging the cybersecurity agency to add resources, improve workforce management and implement better staffing and planning practices so it can move on from outdated processes, FCW reported.
CISA Director Jen Easterly, a 2023 Wash100 winner, said the agency is developing a continuity of operations and a supplemental plan to address lapses. The two efforts, which were recommended by the OIG, should be completed by the end of 2023, Easterly said.
The OIG also recommended that the CISA implement an assessment to document staffing, resources and intelligence access and that the CISA director implement a long-term plan for the National Cybersecurity Protection System’s data analytics capabilities. The CISA concurred with all four recommendations.
Category: Federal Civilian