The Department of Homeland Security has made some...

some of its systems “without authority to operate.” DHS is also not creating plans of action and milestones for fixing all known information security weaknesses or mitigating those weaknesses “in a timely manner,” the report said. The report also said DHS isn’t implementing baseline security settings on all of its systems. The IG recommended DHS establish a process to ensure it’s using baseline security settings on all department computers and ensure all systems have updated authorizations to operate. The report also recommended DHS improve its action plan review process to ensure the department is creating all plans in a timely manner. The IG recommended DHS establish new security training requirements for all privileged users and strengthen oversight of its “Top Secret” systems by performing critical control reviews of selected systems (http://1.usa.gov/1k348Xh). Senate Homeland Security Committee ranking member Tom Coburn, R-Okla., said the report “shows major gaps in DHS’s own cybersecurity, including some of the most basic protections that would be obvious to any 13-year-old with a laptop.” President Barack Obama “has called on the private sector to improve its cybersecurity practices to ensure that our nation’s critical infrastructure is not vulnerable to an attack,” said Coburn in a written statement. “DHS and other agencies must be held to at least the same standard."