Bureaus within the Department of Commerce have established varying incident detection and response capabilities, but need to more quickly respond to intrusion attempts, the department’s inspector general has said after probing their public facing websites with a security assessment tool.
The IG tested the websites of the Bureau of Economic Analysis, Bureau of Industry and Security, International Trade Administration, and United States Patent and Trademark Office by mimicking real-world hacking techniques and cyber attacks.
It then analyzed information such as intrusion detection system – IDS, logs and alerts generated during the test, and evaluated actions taken by the bureaus in response to the testing.
While all five bureaus detected and logged the testing activities, only one bureau analyzed the simulated cyber event and intervened to completely block it, one other bureau analyzedit days later, and three bureaus did not perform any analysis and did not take any action to respond, according to the IG.
It called on the department’s CIO to work with management to ensure that all Bureaus follow the National Institute of Standards and Technology’s Computer Security Incident Handling Guide to take timely action in response to potential cyber attacks, as well as determine the feasibility and cost effectiveness of independently assessing incident management capabilities at all bureaus’ security operations centers.