Report: Government Has No Cyber Warning System

The report suggests the chasm between various agency operations centers might open the door to incoming threats.

A masked hacker, part of the Anonymous group, hacks the French presidential Elysee Palace website on January 20, 2012 near the eastern city of Lyon.
National Journal
Aliya Sternstein, NextGov
Nov. 5, 2013, 6:24 a.m.

The departments of Homeland Security and Defense, including the National Security Agency, have no way of sharing current alerts about computer breaches with each other or industry, an inspector general memorandum reveals.

The problem is not an inability to document incidents, but, rather, an inability to alert potential victims as the situation unfolds and to provide instructions.

There is one system for circulating event reports, a separate one for circulating directions on how to respond, and no real-time system for joining the two, according to an Oct. 24 DHS IG report released this week.

The missing technology should be housed at the 24-hour National Cybersecurity and Communications Integration Center, a DHS organization that distributes information among civilian agencies, the intelligence community, Defense components and critical infrastructure sectors, such as the power industry.

The report suggests the chasm between NCCIC and various agency operations centers might open the door to incoming threats, such as malicious code targeting military systems or oil and gas companies.

“According to the NCCIC director, there is no national system or common cyber tool currently in place for the federal cyber centers to share information,” the report found.

Officials at NCCIC, pronounced “N-kick,” acknowledged that a common cyber system could allow the separate centers to exchange “actionable information,” electronically and on a real time basis, with key industries to minimize damage.

Right now, NCCIC has a ticketing system that documents incident details, such as the time of the abnormal event, date it was reported, and phone conversations about the situation.

Meanwhile, NCCIC and the FBI have a system that disseminates bulletins to companies and agencies with instructions on preventing destructive attacks and protecting sensitive data.

But the two systems are not connected.

“This ticketing system does not link situational awareness products (i.e., alerts and bulletins) that have been issued and are associated with a specific cyber incident, threat or vulnerability,” the memo states.

Another disconnect: “Federal cyber operations centers often share their information with one another. However, no single entity combines all information available from these centers and other sources to provide a continuously updated, comprehensive picture of cyber threat and network status to provide indications and warning of imminent incidents, and to support a coordinated incident response.”

NCCIC does not possess the technology necessary to broadcast ongoing updates and avoid duplicate communications, the inspector general reported.

As remedies, IG officials suggested a knowledge management database, automatic calling trees and a communications-tracking system.

These technologies will require additional funding, Homeland Security officials told inspectors. Officials plan to improve existing information sharing tools and bring new capabilities online during the next four years, they said.

“Technologies and processes to improve discoverability and availability of data between and among the cyber operations centers serve as a foundation to the information sharing capability sets. These capabilities, coupled with automated machine-to-machine data transfer, will greatly improve the ability to link data sets and improve situational awareness,” Suzanne Spaulding, acting undersecretary of the DHS National Protection and Programs Directorate, wrote in a Sept. 5 written response to a draft report.
