DHS' National Cybersecurity Protection System 'Only Partially' Meeting Goals, GAO Says
The Department of Homeland Security’s National Cybersecurity Protection System (NCPS) "only partially" has met its objectives of detecting, analyzing and preventing malicious activity on federal networks, the Government Accountability Office said Thursday in a report. NCPS gives DHS a “limited…
Sign up for a free preview to unlock the rest of this article
Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.
ability” to detect malicious activity via known malicious data pattern “signatures” but doesn’t detect deviations from baseline network behavior, GAO said. NCPS also doesn’t monitor some types of network traffic and the signatures it monitors don’t address threats exploiting common security vulnerabilities, GAO said. NCPS’ analytical tools include a centralized platform for aggregating data and the capability for analyzing malicious code characteristics, GAO said. NCPS’ capability to prevent intrusions onto federal networks is limited to only the types of traffic it monitors, including email. NCPS doesn’t have the ability to address malicious content transmitted via Web traffic but plans to have this capability at some point this year, GAO said. DHS plans to further enhance its analytics capabilities by 2018, GAO said. DHS hasn’t developed most of the functionality of NCPS’ information sharing capability, and its current threat notifications have garnered mixed results, GAO said. The office recommended that DHS’ Office of Cybersecurity and Communications develop metrics for measuring NCPS’ effectiveness and “clearly defined requirements” for detecting threats on federal networks. GAO also recommended developing other enhancements to NCPS’ detection and prevention capabilities.