CISA Made Progress but Resources, Staffing, and Technology Challenges Hinder Cyber Threat Detection and Mitigation

Submitting OIG:

Report Description:

Following the SolarWinds breach discovery in 2020, CISA improved its ability to detect and mitigate risks from major cyberattacks, but work remains to safeguard Federal networks. CISA coordinates Federal agencies’ defense against cyberattacks, but the SolarWinds response revealed that CISA did not have adequate resources — backup communication systems, staff, or secure space — to effectively respond to threats.

Date Issued:

Wednesday, March 8, 2023

Agency Reviewed / Investigated:

Department of Homeland Security

Submitting OIG-Specific Report Number:

OIG-23-19

External entity, if applicable:

CISA

Location(s):

Agency-Wide

Type of Report:

Audit

Questioned Costs:

Funds for Better Use:

Number of Recommendations:

Additional Details Link:

https://www.oig.dhs.gov/sites/default/files/assets/2023-03/OIG-23-19-Mar23.pdf

Recommendation Number	Recommendation Status	Significant Recommendation
1	Open	No
We recommend the CISA Director update CISA’s Continuity of Operations Plan and develop and implement an information system contingency plan, to ensure availability of redundant systems, capabilities, and communication methods to use if primary systems or networks are compromised.
2	Open	No
We recommend the CISA Director require the facility and operations staff conduct an assessment to determine whether secure facility space is appropriately sized and configured to meet operational needs and document any changes necessary for staff to obtain and maintain appropriate access to intelligence information.
3	Open	No
We recommend the CISA Director require an assessment to document the levels of staffing, resources, and intelligence access needed for operational divisions, cyber detection and mitigation capabilities, and support functions.
4	Open	No
We recommend the CISA Director create and implement a long-term plan for the Cybersecurity Division that includes provisions for ownership, operations, and maintenance of the National Cybersecurity Protection System’s data analytics capabilities.

Recommendation Number

Recommendation Status

Significant Recommendation

Additional Details

Open

We recommend the CISA Director update CISA’s Continuity of Operations Plan and develop and implement an information system contingency plan, to ensure availability of redundant systems, capabilities, and communication methods to use if primary systems or networks are compromised.

Open

We recommend the CISA Director require the facility and operations staff conduct an assessment to determine whether secure facility space is appropriately sized and configured to meet operational needs and document any changes necessary for staff to obtain and maintain appropriate access to intelligence information.

Open

We recommend the CISA Director require an assessment to document the levels of staffing, resources, and intelligence access needed for operational divisions, cyber detection and mitigation capabilities, and support functions.

Open

We recommend the CISA Director create and implement a long-term plan for the Cybersecurity Division that includes provisions for ownership, operations, and maintenance of the National Cybersecurity Protection System’s data analytics capabilities.

Search form

CISA Made Progress but Resources, Staffing, and Technology Challenges Hinder Cyber Threat Detection and Mitigation

Related Open Recommendations