The departments of Homeland Security and Defense, including the National Security Agency, have no way of sharing current alerts about computer breaches with each other or industry, an inspector general memorandum reveals.
The problem is not an inability to document incidents, but, rather, an inability to alert potential victims as the situation unfolds and to provide instructions.
There is one system for circulating event reports, a separate one for circulating directions on how to respond, and no real-time system for joining the two, according to an Oct. 24 DHS IG report released this week.
The missing technology should be housed at the 24-hour National Cybersecurity and Communications Integration Center, a DHS organization that distributes information among civilian agencies, the intelligence community, Defense components and critical infrastructure sectors, such as the power industry.
The report suggests the chasm between NCCIC and various agency operations centers might open the door to incoming threats, such as malicious code targeting military systems or oil and gas companies.
“According to the NCCIC director, there is no national system or common cyber tool currently in place for the federal cyber centers to share information,” the report found.
Officials at NCCIC, pronounced “N-kick,” acknowledged that a common cyber system could allow the separate centers to exchange “actionable information,” electronically and on a real time basis, with key industries to minimize damage.
Right now, NCCIC has a ticketing system that documents incident details, such as the time of the abnormal event, date it was reported, and phone conversations about the situation.
Meanwhile, NCCIC and the FBI have a system that disseminates bulletins to companies and agencies with instructions on preventing destructive attacks and protecting sensitive data.
But the two systems are not connected.
“This ticketing system does not link situational awareness products (i.e., alerts and bulletins) that have been issued and are associated with a specific cyber incident, threat or vulnerability,” the memo states.
Another disconnect: “Federal cyber operations centers often share their information with one another. However, no single entity combines all information available from these centers and other sources to provide a continuously updated, comprehensive picture of cyber threat and network status to provide indications and warning of imminent incidents, and to support a coordinated incident response.”
NCCIC does not possess the technology necessary to broadcast ongoing updates and avoid duplicate communications, the inspector general reported.
As remedies, IG officials suggested a knowledge management database, automatic calling trees and a communications-tracking system.
These technologies will require additional funding, Homeland Security officials told inspectors. Officials plan to improve existing information sharing tools and bring new capabilities online during the next four years, they said.
“Technologies and processes to improve discoverability and availability of data between and among the cyber operations centers serve as a foundation to the information sharing capability sets. These capabilities, coupled with automated machine-to-machine data transfer, will greatly improve the ability to link data sets and improve situational awareness,” Suzanne Spaulding, acting undersecretary of the DHS National Protection and Programs Directorate, wrote in a Sept. 5 written response to a draft report.
More from NextGov:
What We're Following See More »
"It is with humility, determination, and boundless confidence in America’s promise that I accept your nomination for president," said Hillary Clinton in becoming the first woman to accept a nomination for president from a major party. Clinton gave a wide-ranging address, both criticizing Donald Trump and speaking of what she has done in the past and hopes to do in the future. "He's taken the Republican party a long way, from morning in America to midnight in America," Clinton said of Trump. However, most of her speech focused instead on the work she has done and the work she hopes to do as president. "I will be a president of Democrats, Republicans, and Independents. For the struggling, the striving, the successful," she said. "For those who vote for me and for those who don't. For all Americans together."
Supporters of Bernie Sanders promised to walk out, turn their backs, or disrupt Hillary Clinton's speech tonight, and they made good immediately, with an outburst almost as soon as Clinton began her speech. But her supporters, armed with a handy counter-chant cheat sheet distributed by the campaign, immediately began drowning them out with chants of "Hillary, Hillary!"
If a new poll is to be believed, Hillary Clinton has a big lead in the all-important swing state of Pennsylvania. A new Suffolk University survey shows her ahead of Donald Trump, 50%-41%. In a four-way race, she maintains her nine-point lead, 46%-37%. "Pennsylvania has voted Democratic in the past six presidential elections, going back to Bill Clinton’s first win in 1992. Yet it is a rust belt state that could be in play, as indicated by recent general-election polling showing a close race."
Wednesday was the third night in a row that the Democratic convention enjoyed a ratings win over the Republican convention last week. Which might have prompted a fundraising email from Donald Trump exhorting supporters not to watch. "Unless you want to be lied to, belittled, and attacked for your beliefs, don't watch Hillary's DNC speech tonight," the email read. "Instead, help Donald Trump hold her accountable, call out her lies and fight back against her nasty attacks."
Catholics who attend mass at least weekly have increased their support of the Democratic nominee by 22 points, relative to 2012, when devout Catholics backed Mitt Romney. Meanwhile, a Morning Consult poll shows that those voters with advanced degrees prefer Hillary Clinton, 51%-34%. Which, we suppose, makes the ideal Clinton voter a Catholic with a PhD in divinity.