Oh the irony: According to a report released Thursday by the DHS inspector general, the very system used by the U.S. Computer Emergency Readiness Team to exchange and access mission-critical data about the security posture of civilian networks was vulnerable to attack.
Oh the irony: According to a report released Thursday by the DHS inspector general, the very system used by the U.S. Computer Emergency Readiness Team to exchange and access mission-critical data about the security posture of civilian networks was vulnerable to attack.
US-CERT is charged with compiling and analyzing information about cybersecurity incidents happening across civilian agencies, many of which are identified via the intrusion detection system Einstein. The good news is that the audit found the Einstein system , in itself, to be relatively secure, with no high-risk vulnerabilities detected. The bad news is that the system used by US-CERT to access Einstein data, known as the Mission Operating Environment, was not. A scan of the system identified 202 high-risk vulnerabilities -- most of which involved failure to patch the operating system and applications.
So, in a nutshell, a computer system used to keep tabs on the state of cybersecurity across civilian agencies, that provides access to data that would be a goldmine for any would-be hacker, was poised for attack (up until recently, when DHS apparently addressed the weaknesses). Is that the pot calling the kettle black?