A new government report has found numerous problems with a critical Department of Homeland Security office charged with tracking and identifying cyberattacks on government systems and critical infrastructure.
The report from the Government Accountability Office says the National Cybersecurity and Communications Integration Center faces a number of impediments to safeguarding the nation’s cybersecurity.
The center does not have a single, consolidated system that tracks cyber incidents, the report said. Instead, it receives reports of cyber intrusions in a variety of ways, including by phone and email, which makes it more difficult for agents to catalogue them in one place.
The GAO said the center does not have contact information for nearly a quarter of representatives of all owners of critical cyber infrastructure that, if attacked, could have “a catastrophic impact on the nation.” This makes it more difficult for the center to get in immediate contact with owners of critical assets when necessary.
“Until NCCIC takes steps to overcome these impediments, it may not be able to efficiently perform its cybersecurity functions and assist federal and nonfederal entities in identifying cyber-based threats, mitigating vulnerabilities, and managing cyber risks,” the report states.
The audit comes amid heightened debate over the federal government’s handling of cyberattacks following the Russian government’s alleged cyber intrusions aimed at influencing the U.S. presidential election.
President Trump, who has been reluctant to accept the intelligence community’s conclusions about the Russian hacks, is expected to soon sign an executive action on cybersecurity that the White House abruptly postponed last week.
Rep. Michael McCaul (R-Texas), who chairs the House Homeland Security Committee, has called for reorganizing the DHS and creating one agency within the department to handle cybersecurity and infrastructure protection.
The center was established in 2009 to help coordinate efforts to address cyber threats between federal and local officials, the private sector and even foreign governments. It also develops cybersecurity products and services, like the National Cybersecurity Protection System, or EINSTEIN, which monitors traffic entering or leaving networks of federal agencies and helps detect and block intruders.