U.S.-CERT needs more authority and staff to better protect America’s computer systems

The U.S. Computer Emergency Readiness Team (US-CERT) - whose mission is to secure the government’s computer systems - was recently audited by the Department of Homeland Security (DHS) Inspector General (IG) and, according to the internal report issued on June 16, US-CERT lacks both the authority and the staff it needs to do its job.

These conclusions follow long-aired criticism from government officials and experts from the field, who stressed both the vulnerabilities of the government’s computer systems in a risky cyber-environment and the lack of management and security standards. According to the report, several officials also complained about the US-CERT not quickly sharing data on cyber threats or incidents.

However, the audit also reported the progress achieved by US-CERT in helping federal agencies protect against computer-based threats, including the creation of a cyber-center. But the auditors also stated US-CERT would need more actual authority to get other federal agencies to take the steps required to secure their systems.

US-CERT, which is part of the Department of Homeland Security (DHS), might acquire more ascendency soon, as members of Congress are currently discussing legislation that would give DHS greater power to draft and enforce standards, and require federal agencies to more quickly address gaps in their computer systems.

Susan Collins, (R-ME) and Joe Lieberman, (I-CT) count among the senators pushing for this law; Senator Collins declared that DHS needs “precise authorities with real teeth.”

The report highlighted how staff shortages and leadership turnover hindered the team. In addition, the security clearance process can take up to a year for a new hire to begin work.

Nevertheless, DHS is currently increasing its staff number. In early 2009, US-CERT had 16 employees, the number jumped to 31 by October, and today the team has over 50 staffers – and another 25 currently undergoing the rigorous hiring process.

Cyber-security has become increasingly important as the Obama administration has indicated that it is a top priority: “This is one of the most serious economic and national security challenges we face,” President Barack Obama said in 2009.