GAO makes cybersecurity recommendations

The U.S. Government Accountability Office (GAO) announced on Thursday that it has made a series of recommendations to the Department of Homeland Security (DHS) regarding the vulnerabilities of cyber infrastructure and how to better prevent cybercrime attacks.

The GAO noted that the National Cybersecurity Preselection System (NCPS) is partially, but not fully, meeting its stated system objectives. Some of the most crucial points among the recommendations included intrusion detection, intrusion prevention, analytics, and information sharing.

NCPS provides the DHS with a limited ability to detect potentially malicious activity entering and existing computer networks at federal agencies. The study warned that the Secretary of Homeland Security should make improvements on the current detection approach.

The DHS has developed metrics for measuring the performance of NCPS, but does not gauge the quality, accuracy or effectiveness of the system’s intrusion detection and prevention capabilities.

Twenty-three federal agencies have adopted the NCPS to varying degrees. Only five of the 23 agencies, however, were receiving intrusion prevention services. The DHS has stated that the agency is working to overcome policy and implementation challenges. Additionally, the report states that all agencies listed must ensure that all network traffic is being routed through NCPS sensors.

The report was created after the GAO noticed a spike in cyber-related attacks on critical infrastructure.