Skip to Highlights
Highlights

To reduce the threat to federal systems and operations posed by cyber attacks on the United States, the Office of Management and Budget (OMB) launched, in November 2007, the Trusted Internet Connections (TIC) initiative, and later, in 2008, the Department of Homeland Security's (DHS) National Cybersecurity Protection System (NCPS), operationally known as Einstein, became mandatory for federal agencies as part of TIC. For each of these initiatives, GAO was asked to (1) identify their goals, objectives, and requirements; (2) determine the status of actions federal agencies have taken, or plan to take, to implement the initiatives; and (3) identify any benefits, challenges, and lessons learned. To do this, GAO reviewed plans, reports, and other documents at 23 major executive branch agencies, interviewed officials, and reviewed OMB and DHS guidance.

Skip to Recommendations

Recommendations

Recommendations for Executive Action

Agency Affected Recommendation Status
Office of Management and Budget 1. In order to ensure that federal agencies continue to have adequate information about the number of connections for which they have been approved, the Director of OMB should communicate its final decisions on agency requests for additional TIC access points in a consistent and timely manner.
Closed - Implemented
In fiscal year 2012 OMB reported, in response to our recommendation, that DHS communicated OMB's final decisions to agencies on agency requests for additional TIC access points in May 2010.
Office of Management and Budget 2. In order to ensure that federal agencies continue to have adequate information about the number of connections for which they have been approved, the Director of OMB should assess the efficacy of, and take steps to apply as appropriate, the lesson learned during the initial implementation of TIC regarding the need to define future requirements before establishing deadlines.
Closed - Implemented
In fiscal year 2012 OMB reported that M-09-32, Update on Trusted Internet Connections Initiative, defines program requirements and establishes deadlines for meeting the TIC initiative.
Department of Homeland Security 3. In order to further ensure that federal agencies have adequate, sufficient, and timely information to successfully meet the goals and objectives of the TIC and Einstein programs, the Secretary of Homeland Security should provide agencies with timely responses to their questions seeking clarification on TIC security capabilities.
Closed - Implemented
In fiscal year 2011 we verified that DHS TIC Program Management Office, in response to our recommendation, provides agencies with timely responses to their questions seeking clarification on TIC security capabilities.
Department of Homeland Security 4. In order to further ensure that federal agencies have adequate, sufficient, and timely information to successfully meet the goals and objectives of the TIC and Einstein programs, the Secretary of Homeland Security should enhance TIC compliance validations by including (1) direct testing and evaluation of the critical capabilities and (2) evaluation of the capabilities at all agency TIC locations.
Closed - Implemented
In fiscal year 2011 we verified that DHS, in response to our recommendation, now tests and evaluates with three tools that facilitate and automate compliance testing. In addition, we verified that DHS evaluates, or intends to evaluate, the capabilities at all agency TIC locations. For example, in fiscal year 2010, DHS evaluated 29 agency TIC Access Providers . To evaluate the capabilities at all OMB approved TIC locations not previously assessed, DHS has an approved plan to conduct an onsite evaluation of one TIC, and the associated support components for that TIC, from each of the OMB approved TIC Access Provider Agencies each year. The assessment schedule ensures that all TIC locations are eventually assessed. Once all of an agency
Department of Homeland Security 5. In order to further ensure that federal agencies have adequate, sufficient, and timely information to successfully meet the goals and objectives of the TIC and Einstein programs, the Secretary of Homeland Security should, before activating Einstein sensors, ensure that both DHS and participating agencies (1) execute required service level agreements and (2) sign site deployment checklists.
Closed - Implemented
In fiscal year 2011 we verified that DHS, in response to our recommendation, executed 30 service level agreements as of March 2011 to the 30 participating agencies and required agencies to sign site deployment checklists prior to activating an Einstein sensor.
Department of Homeland Security 6. In order to further ensure that federal agencies have adequate, sufficient, and timely information to successfully meet the goals and objectives of the TIC and Einstein programs, the Secretary of Homeland Security should establish milestones for agencies to submit required Einstein agreements.
Closed - Implemented
Closed.
Department of Homeland Security 7. In order to further ensure that federal agencies have adequate, sufficient, and timely information to successfully meet the goals and objectives of the TIC and Einstein programs, the Secretary of Homeland Security should, to better understand whether Einstein alerts are valid, develop additional performance measures that indicate how agencies respond to alerts.
Closed - Implemented
In fiscal year 2011 we verified that DHS, in response to our recommendation, developed additional performance measures to monitor and track agency responsiveness to Einstein alerts . For example, DHS now tracks: 1) when an agency responds to an alert 2) total hours taken by an agency in response to an alert and 3) length of time of each alert.
Department of Homeland Security 8. In order to further ensure that federal agencies have adequate, sufficient, and timely information to successfully meet the goals and objectives of the TIC and Einstein programs, the Secretary of Homeland Security should assess the efficacy of, and take steps to apply as appropriate, lessons learned during the initial implementation of these initiatives such as the need to (1) define future requirements for TIC before establishing deadlines and (2) make agencies aware of their ability to access Einstein flow data.
Closed - Implemented
In fiscal year 2011 we verified that DHS, in response to our recommendation, applied the lessons learned during the initial stages of implementation by (1) providing periodic netflow and other EINSTEIN training, (2) implementing a secure web portals to share draft, interim, and final copies of security capabilities and technical reference architecture documents; and (3) revising agendas to include activities associated with accessing flow data to the extent available.

Full Report

GAO Contacts