Cybersecurity controls

Inspector General Finds Interior Department Cyber Threat Detection, Defense Controls Adequate

The Department of the Interior has sufficient cyber threat detection and defense controls, the agency’s Office of the Inspector General said.

The OIG shared in a memorandum that it performed penetration tests on DOI’s public-facing systems. Based on the tests, the oversight body shared that the department’s systems detected the simulated attacks and responded accordingly based on the steps established by the OIG and the department’s Office of the Chief Information Officer.

With the findings issued, the OIG is closing its evaluation, Nextgov reported.

The oversight body started investigating DOI’s systems in October 2020 to determine if the department has a secure infrastructure. In a six-month examination from May to November 2021, the OIG looked for vulnerabilities that could be exploited, using hacking tools to mimic malicious activity. The inspector general shared that, compared to earlier investigations in 2015 and 2018, the department made significant improvements in that officials identified and mitigated the simulated attacks.

Despite the improvements to DOI’s operations, the inspector general said the department must remain vigilant against threats due to the fact that it has numerous public-facing systems. The oversight body pointed out that the tests it performed were broad in scope and did not mimic adversaries with the time and resources to execute focused attacks.

OIG did not offer any recommendations in its memorandum.