Connect with us

Hi, what are you looking for?

Cyber Security

Interior’s Cyber Threat Detection and Defenses are Sufficient, OIG Finds

According to the inspector general’s memorandum, the Department of the Interior detected simulated malicious attacks and responded properly, making improvements from 2015 and 2018 evaluations.

The Office of the Inspector General for the Department of the Interior found that the department’s cyber threat detection and defense controls are sufficient, according to a released memorandum. As a result of DOI’s adequate response, OIG is closing its evaluation. 

OIG performed penetration tests of DOI’s public-facing systems and found that DOI detected the simulated attacks, in addition to properly responding in compliance with agreed upon steps established by OIG and the Office of the Chief Information Officer.

OIG began to evaluate DOI in October 2020 to determine whether it “deploys and operates a secure infrastructure for its public-facing internet systems in accordance with guidance provided by the National Institute of Standards and Technology, department policy, and industry best practices.”

Specifically, OIG examined security weaknesses to DOI’s public-facing systems by conducting tests from May to November 2021, to look for vulnerabilities that could be exploited. Additionally, OIG utilized ethical hacking tools to mimic actual malicious activity, after which it looked at the DOI’s incident tracking system and incident response tools to see if its simulated attack was detected. These test results were given to DOI for “vulnerability confirmation and mitigation.” 

According to OIG, it conducted similar tests in 2015 and 2018 for incident handling as well as vulnerability detection and mitigation practices, which did not produce satisfactory results. In particular, the 2015 report found critical vulnerabilities on public-facing systems and the 2018 report found that alerts created from OIG imitating malicious activity were not picked up by OIG. However, OIG stated that DOI’s efforts have since improved, as the most recent findings show that DOI identified OIG’s simulated attacks and mitigated confirmed vulnerabilities that OIG’s tests detected. 

Despite this improvement, OIG stated that DOI must “remain vigilant,” because it has numerous public-facing internet systems “that face a variety of other vulnerabilities that should be considered and addressed.” OIG added that its tests had a broad scope and “did not mimic adversaries who may have the time and resources to focus their attacks.” 

OIG did not offer any recommendations in its memorandum and DOI is not required to respond. 

Source: https://www.nextgov.com/cybersecurity/2022/08/interiors-cyber-threat-detection-and-defenses-are-sufficient-oig-finds/376045/

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like

Cyber Security

A top Defense Department official described the private sector as “absolutely essential” in implementing the agency’s new cyber strategy. A top Defense Department official...

Cyber Security

The agency is utilizing a relaunched cybersecurity coordination center and additional programs to significantly ramp up interactions with key partners, a top official said....

Cyber Security

The nation’s cyber defense agency is building onto White House efforts to secure schools’ systems nationwide with the help of major education software companies....

Cyber Security

Despite recent improvements, a watchdog report claims the agency still has more it can do to make threat-sharing policies more effective. Though the Federal...

Copyright © 2023 Newsworthy News | Global | Political | Local | All News | Website By: Top Search SEO