
GAO warns some federal agencies fail to meet requirements for cybersecurity incident response

Over the years, federal agencies worked to improve their abilities to detect, analyze and handle cybersecurity incidents, according to the U.S. Government Accountability Office (GAO), but some have failed to meet requirements surrounding the tracking of incidents. 

Responses to ransomware attacks and data breaches have reportedly improved, but GAO noted that without a record of IT logs, the detection, investigation and remediation of cyberthreats are weakened. Agencies are standardizing incident response plans and showing improvement in capabilities across the board, with all 23 agencies now deploying endpoint detection and response solutions, and 16 separate agencies reporting 80 percent or greater coverage therein.

However, that came with a caveat: 20 agencies failed to meet requirements for investigation and remediation capabilities, despite a requirement from the Office of Management and Budget (OMB) to reach the advanced (tier 3) level by August 2023. Tier 3, in this instance, means that logging requirements should have been met at all criticality levels. Worse, only three of those that failed even reached the basic tier 1 level, while the remaining 17 sat at an ineffective tier 0 level, jeopardizing the federal government’s efforts to fully detect, investigate and remediate threats.

Agencies generally described three difficulties that limited their ability to fully respond to cybersecurity incidents: lack of staff, technical challenges, and limitations in cyber threat information sharing.

The federal government recognizes, however, that cyber-based attacks on its systems are becoming more damaging and disruptive year after year. GAO stepped in to describe the capabilities agencies used to prepare for and respond to these threats, to evaluate progress made in preparing for them, and to describe the challenges agencies face in preparing for and addressing incidents. In all, it ended up with 20 recommendations for 19 agencies on how best to implement event logging requirements and other items.

Many of these recommendations put the onus on the departments’ respective secretaries, as well as requiring the director of the Cybersecurity and Infrastructure Security Agency (CISA) to ensure it follows up with federal agencies when the agency updates the Federal Government Cybersecurity Incident & Vulnerability Response Playbooks. Most agencies agreed with the recommendations.

Chris Galford
