The department isn’t effectively managing continuous monitoring, the auditor said.
The Homeland Security Department isn’t doing enough to secure classified information on its intelligence systems, according to a report summary out Wednesday from the department’s inspector general.
The tools that continuously monitor those systems for cyber threats aren’t interoperable with each other, the auditor found.
The department also has not established qualitative or quantitative measures for whether that continuous monitoring is effective or ineffective, the report said.
The U.S. Secret Service, a Homeland Security division, also hasn’t ensured its employees and contractors are completing required annual security training.
The inspector general made three recommendations regarding security of the intelligence systems, but the specific recommendations aren’t included in the unclassified summary. The full report remains classified. Its findings are based on an investigation conducted between May and November, 2017.
The broader Homeland Security Department received middling marks in its annual information security review released in March.
Among other duties, Homeland Security is broadly responsible for the civilian government’s cybersecurity and manages numerous cross-government cyber tools.