The IG called on the deputy secretary for EDA to identify the agency’s areas of IT responsibility and ensure the implementation of required security measures.
It also called on the agency to determine whether EDA can reduce its IT budget and staff expenditures. The IG further recommended that EDA work to ensure it does not destroy additional IT inventory that was taken out of service as a result of this cyber incident.
The IG also called on the Commerce CIO to ensure its Computer Incident Response Team, can appropriately and effectively respond to future cyber incidents, and to ensure that CIRT management has proper oversight and involvement in cyber incidents to ensure that required incident response activities take place.
