[Infowarrior] - DHS Geek Squad: No Power, No Plan, Lots of Vacancies

Richard Forno rforno at infowarrior.org
Wed Jun 16 17:52:33 CDT 2010


DHS Geek Squad: No Power, No Plan, Lots of Vacancies

By Noah Shachtman | June 16, 2010 | 2:46 pm | Categories: Crime and Homeland Security

http://www.wired.com/dangerroom/2010/06/dhs-geek-squad-understaffed-with-no-juice-and-no-plan/


The federal government still sucks at protecting its networks. One big reason why: The agency that’s supposed to tighten up Washington’s information security has neither the authority nor the manpower to respond effectively to the threat of electronic attacks.

Back in 2003, the Department of Homeland Security set up the U.S. Computer Emergency Readiness Team (US-CERT) to spot vulnerabilities in the government’s networks, and coordinate responses when those flaws are exploited. But seven years later, US-CERT is still “without a strategic plan,” DHS Inspector General Richard Skinner tells the House Homeland Security Committee.

The group is working at less than half-strength, with 45 of 98 positions filled. And when US-CERT finds holes in the networks, all it can do is gently suggest recommendations to other federal agencies. Those other groups don’t have to listen.

In theory, DHS is in charge of dot-gov network defenses. Under a new bill proposed by Senator Joe Lieberman, the department would also assume control of certain civilian networks’ security in the event of an “imminent cyber threat.”

In reality, DHS’ geek squads are not nearly as big or as well-equipped as the ones in the Pentagon and in the intelligence agencies. Functionally, that puts the secretive National Security Agency and the military’s new Cyber Command in charge when cyber attacks get serious. “That is the structure of the cyber policy plan that the president announced, so we absolutely intend to use the technical resources, the substantial ones that NSA has,” Homeland Security chief Janet Napolitano told Danger Room last year.

Richard Bejtlich, a former Air Force cybersecurity officer now with General Electric, puts it a little more pithily: “When you’re in trouble, you go to the guys who actually have a clue.”

Even Napolitano’s most technically adroit troops are having trouble keeping tabs on the traffic inside government networks.

“US-CERT does not have an automated correlation tool to identify trends and anomalies,” Skinner observed. So it takes them a long time before they can spot vulnerabilities. DHS recently bought “an automated correlation tool to analyze the vast amount of data…. However, US-CERT is currently experiencing problems with reconfiguring the tool to collect data and understand the overall data flow. US-CERT management stated that it may be six months before the problems are corrected and the benefits of the system can be seen.”
