DHS Public Websites Remain Insecure –  Homeland Security Today

The Department of Homeland Security’s (DHS) public-facing websites present a highly accessible point of entry and attack to its information resources, according to an Office of Inspector General report released last Thursday.

The report titled Vulnerabilities Highlight the Need for More Effective Web Security Management evaluated nine of DHS’ most frequently visited public-facing websites to determine whether DHS has implemented effective security controls and practices, examining the implementation of DHS’ required configuration settings and patch management practices.

The report was heavily redacted in order not to divulge details that could help would be malicious intruders.

The nine DHS websites included Customs and Border Protection (CBP), DHS Headquarters (HQ), Federal Emergency Management Agency (FEMA), Federal Law Enforcement Training Center (FLETC), Immigration and Customs Enforcement (ICE), National Protection and Programs Directorate (NPPD), Transportation Security Administration (TSA), United States Coast Guard (USCG), and United States Citizenship and Immigration Services (USCIS).