For our final report on our evaluation of the Office of the Secretary’s (OS’) incident response program, our objective was to assess the adequacy of actions taken by the U.S. Department of Commerce (the Department) and its bureaus when detecting and responding to cyber incidents in accordance with federal and Departmental requirements. Overall, we identified fundamental deficiencies in OS’ cybersecurity incident response program that increased the risk of successful cyberattacks. Specifically, we found the following: I. The OS Security Operations Center’s (OS SOC’s) security tools were not properly configured to detect incidents; II. OS SOC did not effectively handle a simulated incident; and III. OS’ Office of the Chief Information Officer did not manage its incident detection and response program in accordance with federal requirements.
Report File
Date Issued
Submitting OIG: Department of Commerce OIG
Other Participating OIGs: Department of Commerce OIG
Agencies Reviewed/Investigated: Department of Commerce
Components: Office of the Secretary
Report Number: OIG-23-017-I
Report Description
Report Type: Inspection / Evaluation
Agency Wide: Yes
Number of Recommendations: 14
Questioned Costs: $0
Funds for Better Use: $0