If you want to infiltrate top secret government computer systems, don’t do it during working hours.
That’s the takeaway from a new study released by the Department of Homeland Security’s Office of the Inspector General, which revealed that budget cuts have caused the arm of the department tasked with investigating cyberattacks, to cut back to 12 hours a day, Monday through Friday.
The report, which looked at efforts to coordinate cyberdefense throughout the government, charged, ‟[the agency] needs to have sufficient staffing to perform intelligence analysis functions and respond to industrial control systems incidents after work hours and on weekends. Since cyber attacks can happen at any time, it is imperative…to have sufficient resources to respond to and mitigate potential threats.”
This situation leaves 108 hours each week when the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) is unable to provide its technical analysis and forensic investigation—not only to other government agencies, but also to private government contractors whom it is also tasked with assisting.
According to the report, which was released late last month, agency managers had requested the ability to hire more staff but were told they lacked the funding to do so. Unsurprisingly, the report recommended allowing the agency to bring in more people.
The report also found that many agency staffers lacked the specialized training required to effectively respond to cyberattacks. In the wake of the federal sequester, which cut five percent of the budget from all sectors of the government, the agency has since suspended all employee trainings until further notice.
The report noted that staffers have compensated by attending training sessions offered by other arms of the government; however, these classes, “[do] not provide incident responders with the specialized training needed to perform their assigned functions.”
While the U.S. government has proved adept at breaking other organizations’ security, Uncle Sam may need all the help he can get when it comes to protecting his own systems. In a recent authorized penetration test, a team of hackers were able to gain access to the network of a top government agency that specialized in ‟offensive cybersecurity and protecting secrets,” with little more than a fake Facebook profile using the photo of a Hooters waitress.