US government unprepared for cyberattacks, says report

The US Computer Emergency Readiness Team isn’t, er, ready for emergencies, according to an audit by the Department of Homeland Security (DHS).

The US-CERT team is meant to protect non-military government agencies against cyberattacks. But it cannot monitor networks or analyze threats in real time, says the report, and lacks the authority to make other federal agencies become more secure.

According to AP, DHS Undersecretary Rand Beers said the DHS agreed that giving the team more formal authority would be helpful.

But it may face a bit of a turf battle, as some members of Congress argue that such measures should be overseen by the White House and the National Institute of Standards and Technology (NIST).

Other problems highlighted in the report include the glacial speed of the team’s hiring practices. Since the beginning of last year, it’s attempted to boost numbers from 16 to nearly 100, but the need for security clearance means that each new hire can take up to a year.

One particularly problematic project highlighted in the report is Einstein, designed to identify unauthorized intrusions and collect information. But this is working too slowly to be useful.

In any case, reports the Wall Street Journal, several federal agencies have complained that they are not being given access to the Einstein data.