Security News > 2010 > June > The unreadiness team

The unreadiness team
2010-06-21 05:20

http://www.washingtonpost.com/wp-dyn/content/article/2010/06/19/AR2010061902645.html The Washington Post June 20, 2010 THE REPORT is chilling. Optimistically titled "U.S. Computer Emergency Readiness Team Makes Progress in Securing Cyberspace, but Challenges Remain," it paints a disturbing picture of a national security disaster waiting to happen. The U.S. Computer Emergency Readiness Team, or CERT, established in 2003 to coordinate national cyber-defense efforts, is an arm of the Department of Homeland Security (DHS) tasked with "analyzing and reducing cyber threats and vulnerabilities, disseminating cyber threat warning information, and coordinating cyber incident response activities." But this vast responsibility has come with little and confusing authority. The report released last week by the DHS inspector general reveals an institution that is floundering. CERT is understaffed, with no capacity to do anything other than process data for anomalies and react to breaches after the fact with fixes it has no authority to enforce. Among the report's findings: Of the 98 positions authorized for the emergency readiness team, only 45 are filled, forcing it to rely on outside contractors to perform even basic functions such as updating operating procedures. After seven years, CERT still lacks a strategic plan, goals or any performance measures to assess its progress. Making its role as the nation's ostensible first line of cyber defense still more difficult is the fact that it has no authority to ensure that any of its safety recommendations are implemented, even by the other federal agencies it is charged with protecting. Many partner agencies reported not receiving any instructions for CERT's primary monitoring software, making it difficult for them to access information about threats. [...] _________________________________________________________________ Attend Black Hat USA 2010, hosted at Caesars Palace in Las Vegas, Nevada July 24-29th, offering over 60 training sessions and 11 tracks of Briefings from security industry elite. To sign up visit http://www.blackhat.com


News URL

http://www.washingtonpost.com/wp-dyn/content/article/2010/06/19/AR2010061902645.html