IG: DHS need cyber security coordination office
- By Alice Lipowicz
- Apr 16, 2008
The Homeland Security Department is moving too slowly to protect its most critical internal computer systems, according to a new from the department’s inspector general, Richard Skinner.
The report recommends creating an office within DHS to determine protection priorities for its critical cyber infrastructure and coordinate efforts to protect those information technology assets.
Under Homeland Security Presidential Directive 7, federal agencies must identify critical cyber infrastructures, and DHS uses an enterprise tool to identify those systems. But there is no process in place to rank those systems to ensure that the high-risk ones are protected.
“DHS has not determined which of these high-risk systems must be given priority when allocating protection resources,” Skinner wrote.
In addition, although the department has established the National Center for Critical Information Processing and Storage (NCCIPS) to host departmental applications and handle network connectivity, disaster recovery and critical data storage, the migration of IT systems to the national center is moving slowly, the report states.
“The current DHS schedule for migrating systems to the NCCIPS is not based on system criticality but instead is based on which component can fund the migration of a system,” Skinner wrote. “As a result, DHS may not be providing a secure processing and backup facility for its most critical systems.”
Assisting government agencies with cybersecurity has been an active area for contractors. The Bush administration has pledged a major increase in spending on such programs.
Congress approved $97.3 million in funding for NCCIPS for fiscal 2008.
Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.