DHS: Agencies must monitor networks around the clock

Department, with OMB, working to raise security standards, but silent on how requirements may change.

In an effort to better protect federal networks, the Homeland Security Department expects agencies to provide around-the-clock monitoring of their IT systems, the head of the department said yesterday.

Comment on this article in The Forum.DHS Secretary Michael Chertoff, during a speech at the RSA security conference in San Francisco, said certification and accreditation of systems are the primary means of measuring compliance with cybersecurity guidelines, allowing agencies to take inventory of what IT assets they have in place. But such standards do little to test for security vulnerabilities. Chertoff said enhancements to required accreditation and certification of IT systems will bring agency capabilities to a "minimum level of 24-7 watch and warning.

"Agencies are uneven in how they protect their assets," he said. "A chain is as strong as its weakest link, and a network is as strong as its weakest member."

Chertoff said DHS is working with the Office of Management and Budget "to raise the standards for everyone [within] the federal domain." He would not provide specifics of how system security requirements would change, nor would he say whether OMB plans to release additional mandates for agencies

Chertoff's statements followed those of Karen Evans, administrator of e-government and information technology at OMB. At a February congressional hearing, Evans hinted that new metrics that would better gauge the ability of agency networks to combat threats may issued soon.

Chertoff noted efforts by DHS to improve governmentwide cybersecurity capabilities through enhancements to Einstein, the system that monitors agency networks using an automated process for collecting, correlating, analyzing and sharing computer security information with the U.S. Computer Emergency Readiness Team.

He pointed to cybersecurity funds included in DHS' fiscal 2009 budget request as being devoted to making the Einstein system less reactive to security threats and more focused on preventing them. In addition, Chertoff noted plans to consolidate the number of access points from the Internet to federal networks from thousands to about 50, and he emphasized the importance of the largely classified national cyber initiative ordered by President Bush in January to expand efforts in monitoring Internet traffic to protect against cyberattacks on agencies' computer systems.

"I'm not suggesting that having announced a strategy, we're declaring victory and the job is done," Chertoff said. "It's going to be hard. [But] the fact that it's hard doesn't mean we shouldn't do it; it means we should roll up our sleeves and get started."