Objective

To determine whether the Cyber Incident Response Team at the Division of Homeland Security and Emergency Services is achieving its mission of providing cybersecurity support to non-Executive agencies, local governments, and public authorities. The audit covered the period from January 1, 2018 to March 26, 2021.

About the Program

The Cyber Incident Response Team (CIRT) is part of the State’s Division of Homeland Security and Emergency Services (Division), whose mission is to provide leadership, coordination, and support for efforts to prevent, protect against, prepare for, respond to, and recover from terrorism and other man-made and natural disasters, threats, fires, and other emergencies. CIRT was created in 2017 to provide cybersecurity support to more than 2,800 non-Executive agencies, local governments, and public authorities. (For the purposes of this report, we consider non-Executive agencies to be those not supported by the Office of Information Technology Services.) Currently, there are a total of nine members of CIRT – seven Division employees and two members of the National Guard.

Key Findings

CIRT’s mission is broadly defined to provide cybersecurity support to non-Executive agencies, local governments, and public authorities. CIRT officials developed three areas of focus, referred to as lines of service, to guide its work: Cyber Incident Response Services, Technical Cyber Services, and Information Sharing and Outreach. CIRT has not established specific and measurable objectives that clearly define what is to be achieved, who is to achieve it, how it will be achieved, or the time frames for achieving its lines of service. Further, it has not established quantifiable goals that can be measured to evaluate its accomplishments.

Generally, CIRT provided technical cyber services at the request of the entities that it supports; however, it has not sought to proactively obtain information from these entities to evaluate their needs on a broad basis. Such information would allow CIRT officials to better understand and plan for entities that may benefit from their services in a more targeted manner.

Key Recommendations

• Develop specific, measurable objectives and quantifiable, attainable goals, along with associated reporting mechanisms, to allow CIRT to evaluate if it is achieving its mission.
• Take steps to determine the cybersecurity needs of the non-Executive agencies, local governments, and public authorities CIRT is charged with supporting.