Cybersecurity

Commerce bureaus flunk cyber test

cyber attack button

The Department of Commerce is unprepared for a cyberattack to the point that only one of five bureaus or operations centers tested with an external threat responded adequately, according to an inspector general’s report released last week.

Over the course of eight months of fieldwork last year, the IG used automated software to direct a steady flow of suspicious traffic at the department’s public-facing websites. Of the five bureaus or operations centers tested, only one analyzed and moved to block the cyber threat, while three did nothing at all in response, the report said.

The close communication between department bureaus and their Internet and security services providers that is needed to stave off cyber-threats is sorely lacking at Commerce, according to the report, which was released April 24. The bureaus surveyed have hardly communicated on security issues with their providers since initiating Managed Trusted Internet Protocol Services (MTIPS), the report said.

The report covered four Commerce Department bureaus: the Bureau of Economic Analysis, the Bureau of Industry and Security, the International Trade Administration, and the U.S. Patent and Trademark Office. It also surveyed a Security Operations Center in the CIO’s office. How specific bureaus fared was not disclosed for security reasons.   

In an April 7 written response to a draft of the report, outgoing Commerce CIO Simon Szykman said the department agreed with the report’s findings and pledged “corrective action plans from individual bureaus.” The department plans to meet with its MTIPS provider to address the concerns raised in the report, he added.

The IG report recommends that Commerce bureaus brush up on the National Institute of Standards and Technology’s Computer Security Incident Handling Guide, which encourages agencies to have a formal plan for internal communications during a cyber-incident. The report also advised department bureaus that do not have an around-the-clock security operations center to consider filling those lapses in coverage with the help of an MTIPS provider.

About the Author

Sean Lyngaas is an FCW staff writer covering defense, cybersecurity and intelligence issues. Prior to joining FCW, he was a reporter and editor at Smart Grid Today, where he covered everything from cyber vulnerabilities in the U.S. electric grid to the national energy policies of Britain and Mexico. His reporting on a range of global issues has appeared in publications such as The Atlantic, The Economist, The Washington Diplomat and The Washington Post.

Lyngaas is an active member of the National Press Club, where he served as chairman of the Young Members Committee. He earned his M.A. in international affairs from The Fletcher School of Law and Diplomacy at Tufts University, and his B.A. in public policy from Duke University.

Click here for previous articles by Lyngaas, or connect with him on Twitter: @snlyngaas.


The Fed 100

Read the profiles of all this year's winners.

Featured

  • Then-presidential candidate Donald Trump at a 2016 campaign event. Image: Shutterstock

    'Buy American' order puts procurement in the spotlight

    Some IT contractors are worried that the "buy American" executive order from President Trump could squeeze key innovators out of the market.

  • OMB chief Mick Mulvaney, shown here in as a member of Congress in 2013. (Photo credit Gage Skidmore/Flickr)

    White House taps old policies for new government makeover

    New guidance from OMB advises agencies to use shared services, GWACs and federal schedules for acquisition, and to leverage IT wherever possible in restructuring plans.

  • Shutterstock image (by Everett Historical): aerial of the Pentagon.

    What DOD's next CIO will have to deal with

    It could be months before the Defense Department has a new CIO, and he or she will face a host of organizational and operational challenges from Day One

  • USAF Gen. John Hyten

    General: Cyber Command needs new platform before NSA split

    U.S. Cyber Command should be elevated to a full combatant command as soon as possible, the head of Strategic Command told Congress, but it cannot be separated from the NSA until it has its own cyber platform.

  • Image from Shutterstock.

    DLA goes virtual

    The Defense Logistics Agency is in the midst of an ambitious campaign to eliminate its IT infrastructure and transition to using exclusively shared, hosted and virtual services.

  • Fed 100 logo

    The 2017 Federal 100

    The women and men who make up this year's Fed 100 are proof positive of what one person can make possibile in federal IT. Read on to learn more about each and every winner's accomplishments.

Reader comments

Mon, Apr 28, 2014 Charles Sun

For the Bureaus and Administrations within U.S. DOC, they are officially called Operating Units (OU), not "operations centers".

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group