12 February 2017

GAO: DHS cyber communications center could communicate better


by Tony Ware

Then-Secretary of Homeland Security Jeh Johnson spends a day at the National Cybersecurity and Communications Integration Center (NCCIC) for a hands-on look at how DHS protects cyberspace in Arlington, Virginia, March 11, 2016. While there Secretary Johnson awarded employees for their hard work and dedication in addition to working side-by-side with employees at the NCCIC, which serves as the central location for government, private sector and international partners involved in cybersecurity and communications protection to coordinate and synchronize their efforts. Official DHS photo by Jetta Disco. 

The Department of Homeland Security’s sharing of cybersecurity-related information with federal and nonfederal entities could be improved by assessing and optimizing a specific department component, according to a recent report from the Government Accountability Office.

The DHS’s National Cybersecurity and Communications Integration Center is required by the National Cybersecurity Protection Act of 2014 and the Cybersecurity Act of 2015 to perform 11 cybersecurity-related functions, and it does so adequately, says GAO. However, it could enhance effectiveness and efficiency by establishing metrics and methods for evaluating performance in accordance with the NCCIC’s implementing principles.

Among the functions of the NCCIC are monitoring traffic in and out of federal networks to spot vulnerabilities and threats and providing bulletins on cyber threat indicators, defensive measures and cybersecurity risks and incidents to federal, state, local, tribal and territorial government entities, private-sector customers and other partner organizations.

GAO assessed the extent to which NCCIC delivered its products and services to over 2,792 recipients and identified areas where coordination was sufficient, as well as where tracking incident sharing and updating contact information could improve timely communication for protecting critical digital infrastructure.

DHS agreed with GAO’s recommendations on how to keep NCCIC in accordance with the best principles for identifying and communicating cyber risks and mitigation.

The entire report can be viewed on GAO’s website.

No comments: