Federal Manager's Daily Report


An IG report has called on DHS, a department with major responsibilities over cybersecurity government-wide and nationwide, to step up its own internal protections in that area.
The report said there were more than 3,000 cyber incidents involving DHS components from October 2017 through March 2021, of which more than 100 involved malware, ransomware and phishing. “Although DHS has established guidance for its components to protect information and guard against cyber incidents, DHS has not updated all cybersecurity guidance” from the National Institute of Standards and Technology.

“Also, some DHS components did not (1) ensure users completed required cybersecurity awareness training; (2) consistently educate users about the risks of malware, ransomware, and phishing attacks; and (3) conduct phishing exercises, as required, in fiscal years 2019 or 2020,” it said.

Seven of the eight DHS components the IG evaluated did not comply with the requirements for annual cybersecurity awareness training, with two of them having less than a 50 percent completion rate in 2019-2020 and a third less than 60 percent. Further, the training materials “did not consistently educate users on the risks of malware, ransomware, and phishing attacks.”

Only four of the eight conducted semi-annual phishing exercises in FYs 2019 or 2020 and adequately documented the results, it said, noting that “according to NIST, most ransomware attacks are made possible by users who engage in unsafe practices, administrators who implement unsecure configurations, or developers who have insufficient security training.”

DHS does not have a centralized process to track or manage cybersecurity awareness training records, it added, leaving that up to components—whose records are incomplete.

It said management agreed with recommendations to address those issues.
