Information Security Homeland Security Needs To Enhance Effectiveness Of Its Program

Information Security: Homeland Security Needs to Enhance Effectiveness of Its Program

The Los Alamos National Lab. (LANL) has experienced security lapses protecting information on its unclassified computer network. The unclassified network contains sensitive information. This report: (1) assessed the effectiveness of the security controls LANL has in place to protect information transmitted over its unclassified computer network; (2) assessed whether LANL had implemented an information security program for its unclassified network; and (3) examined expenditures to protect LANL¿s unclassified network from FY 2001 through 2007. The author examined security policies and procedures and reviewed the laboratories' access controls for protecting information on the unclassified network. Includes recommendations. Illustrations.

Weaknesses in info. security (IS) are a widespread problem that can have serious consequences -- such as intrusions by malicious users, compromised networks, and the theft of intellectual property and personally identifiable info. -- and has identified IS as a governmentwide high-risk issue since 1997. Concerned by reports of significant vulnerabilities in fed. computer systems, Congress passed the Fed. IS Mgmt. Act of 2002 (FISMA), which authorized and strengthened IS program, evaluation, and reporting requirements for fed. agencies. This report evaluates: (1) the adequacy and effectiveness of agencies' IS policies and practices; and (2) fed. agencies' implementation of FISMA requirements. Includes recommendations. Illustrations.

Pervasive and sustained cyber attacks continue to pose a potentially devastating threat to the systems and operations of the fed. government. In recent months, fed. officials have cited the continued efforts of foreign nations and criminals to target government and private sector networks; terrorist groups have expressed a desire to use cyber attacks to target the U.S.; and press accounts have reported attacks on the Web sites of government agencies. This statement describes: (1) cyber threats to fed. information systems and cyber-based critical infrastructures; (2) control deficiencies at fed. agencies that make these systems and infrastructures vulnerable to cyber threats; and (3) opportunities that exist for improving fed. cybersecurity.