The report released last week by the DHS inspector general reveals an institution that is floundering. CERT is understaffed, with no capacity to do anything other than process data for anomalies and react to breaches after the fact with fixes it has no authority to enforce. Among the report's findings: Of the 98 positions authorized for the emergency readiness team, only 45 are filled, forcing it to rely on outside contractors to perform even basic functions such as updating operating procedures.
After seven years, CERT still lacks a strategic plan, goals or any performance measures to assess its progress. Making its role as the nation's ostensible first line of cyber defense still more difficult is the fact that it has no authority to ensure that any of its safety recommendations are implemented, even by the other federal agencies it is charged with protecting. Many partner agencies reported not receiving any instructions for CERT's primary monitoring software, making it difficult for them to access information about threats.
Where is Sam Damon?
A blog dedicated to debate and commentary on national security, foreign affairs, veterans' issues, and a whole host of other topics. If you are not familiar with who Sam Damon is, click here. Feel free to post comments or contact Onager via e-mail at firstname.lastname@example.org.