As Congress, NSA head Keith Alexander, and others are calling for stronger cybersecurity laws, the Department of Homeland Security is working on something more basic: getting its threat-tracking system to work across its own operations and the Department of Defense. An October 24th memo from the Office of Inspector General — which investigates and makes recommendations for specific agency problems — found that although the DHS can keep track of threats and provide updates on ongoing issues, "federal cyber operations centers do not have a common incident management system tool that tracks, updates, shares, and coordinates cyber information with each other."
Homeland Security's National Cybersecurity and Communications Integration Center (NCCIC) is, as its name suggests, responsible for centralizing and coordinating cybersecurity operations across departments, agencies, companies, and local governments. The center uses a ticketing system that can record when incidents happen, as well as email and phone correspondence about the events, and it can provide ongoing updates through alerts and bulletins. But those systems aren't actually linked, which can delay sharing information or make it harder to coordinate a response.
"Federal cyber operations centers often share their information with one another," the report reads. "However, no single entity combines all information available from these centers and other sources to provide a continuously updated, comprehensive picture of cyber threat and network status to provide indications and warning of imminent incidents, and to support a coordinated incident response." In some cases, the Department of Homeland Security says there aren't enough funds to support an overhaul — the Office of Inspector General found that it also needed more staff to operate around the clock, rather than the current 14 hours a day. There can also be basic disconnects: the Department of Defense's tracking system has ten categories for incidents, but the Department of Homeland Security's has seven.
The Office of Inspector General has proposed several recommendations, and Homeland Security has agreed to implement them. While a September memo says that some changes had already been in progress, others, the agency says, will require more funding. The recommendations come at a time when both civilian and military US cybersecurity policy is up in the air: recent reports say that military cyber command, currently run by NSA head Keith Alexander, will likely be split into a separate post with Alexander's departure next year.