Although DHS has begun to implement the recommendations listed in the National Strategy to Secure Cyberspace - including establishment of the National Cyber Security Division and creation of the U.S. Computer Emergency Readiness Team - it still faces some challenges in order to address long-term cyber threats, according to the report.
Specifically, the report said NCSD has not: Prioritized its initiatives to implement the national strategy; identified resources needed to ensure it can identify, analyze and reduce long-term cyber threats; developed performance measures; or instituted a formal communications process within DHS and with public, private and international sectors.
"NCSD must address these issues to reduce the risk that the critical infrastructure may fail due to cyber attacks," the IG said.
In a memo responding to the report, Frank Libutti, under secretary for DHS Information Analysis and Infrastructure Protection Directorate, said that the IG report was a fair assessment but that some of its recommendations had become obsolete due to changed circumstances.
He also noted that the report didn't completely detail all of NCSD's accomplishments, and didn't cite the dynamic environment in which DHS operates, which he said presents unique challenges.