Title Full
BIS Needs to Improve Its Incident Response Capabilities to Handle Sophisticated Cyberattacks
Date Issued
Submitting OIG
Department of Commerce OIG
Agencies Reviewed/Investigated
Department of Commerce
Components
Bureau of Industry and Security
Report Number
OIG-25-022-I
Report Description

For our evaluation of the Bureau of Industry and Security's (BIS's) detection of and response to cyber incidents, our objective was to assess the adequacy of actions taken by BIS when detecting and responding to cyber incidents in accordance with federal and departmental requirements. We found that (1) BIS lacked effective detection and response capabilities to handle our simulated malicious activities; (2) BIS misconfigured critical security controls for its export control networks; and (3) BIS mishandled classified and other privileged credentials.

Report Type
Inspection / Evaluation
Agency Wide
Yes
Number of Recommendations
13
Questioned Costs
$0
Funds for Better Use
$0
Report updated under NDAA 5274
No
