IG: Justice cyber operations slow to report incidents, lacking critical info

By Jolie Lee
Federal News Radio

The Justice Department takes too long to report cyber incidents and does not have cyber incident reports from all of its departments, according to an Office of the Inspector General report.

The Justice Security Operations Center (JSOC), established in 2007, monitors DoJ’s IT systems for cyber threats. JSOC coordinates with the Homeland Security Department’s U.S. Computer Emergency Readiness Team (US-CERT) to defend against cyber attacks.

JSOC policy “allows more time—potentially up to twice as long—for reporting incidents to US-CERT than US-CERT advises,” said Jay Lerner, senior counsel at the DoJ OIG, in a statement.


For example, an incident defined as “Category 1,” or unauthorized access, must be reported to US-CERT within one hour, the report said.

“Allowing twice the required time to report an incident to US-CERT may potentially increase opportunities for malicious actions within DoJ and add to the overall risk to its IT environment,” the report said.

The IG also found JSOC did not have a comprehensive picture of potential cyber threats. Six of DoJ’s 32 components have not provided all information to JSOC. In particular, the FBI does not report incidents it categorizes as “under investigation.”

“[O]ur audit raises concerns about how well JSOC receives necessary incident information from components, components’ awareness of JSOC services, and components’ commitment to following DoJ’s Computer System Incident Response Plan,” according to the report.

DoJ spends about $3 billion annually on cybersecurity, the report said.

The IG made 20 recommendations and DoJ’s Justice Management Division agreed to all of them, Lerner said.