Skip to main content
Date Issued
Submitting OIG
Department of Homeland Security OIG
Other Participating OIGs
Department of Homeland Security OIG
Agencies Reviewed/Investigated
Department of Homeland Security
Report Number
OIG-23-19
Report Description

Following the SolarWinds breach discovery in 2020, CISA improved its ability to detect and mitigate risks from major cyberattacks, but work remains to safeguard Federal networks. CISA coordinates Federal agencies’ defense against cyberattacks, but the SolarWinds response revealed that CISA did not have adequate resources — backup communication systems, staff, or secure space — to effectively respond to threats.

Report Type
Audit
Agency Wide
Yes
Number of Recommendations
4
Questioned Costs
$0
Funds for Better Use
$0
External Entity
CISA

Open Recommendations

This report has 4 open recommendations.
Recommendation Number Significant Recommendation Recommended Questioned Costs Recommended Funds for Better Use Additional Details
1 No $0 $0

We recommend the CISA Director update CISA’s Continuity of Operations Plan and develop and implement an information system contingency plan, to ensure availability of redundant systems, capabilities, and communication methods to use if primary systems or networks are compromised.

2 No $0 $0

We recommend the CISA Director require the facility and operations staff conduct an assessment to determine whether secure facility space is appropriately sized and configured to meet operational needs and document any changes necessary for staff to obtain and maintain appropriate access to intelligence information.

3 No $0 $0

We recommend the CISA Director require an assessment to document the levels of staffing, resources, and intelligence access needed for operational divisions, cyber detection and mitigation capabilities, and support functions.

4 No $0 $0

We recommend the CISA Director create and implement a long-term plan for the Cybersecurity Division that includes provisions for ownership, operations, and maintenance of the National Cybersecurity Protection System’s data analytics capabilities.

Department of Homeland Security OIG

United States