A Federal response to the Heartbleed bug: New procedures for DHS


As a response to the Heartbleed bug, along with the ever-growing need to tighten cyber security measures, the White House is now permitting the Department of Homeland Security (DHS) to conduct continuous scans of civilian agency networks. These regular scans act as a preemptive measure to identify vulnerabilities, so as to not have a repeat of the delayed response when dealing with the Heartbleed bug. As a result of the current law, the Federal Information Security and Management Act, officials reported a delay of action of up to 10 days due to the legal questions and consequences of allowing the DHS into agencies’ networks. These new procedures are meant to alleviate the obstacles that prevented the DHS from immediately intervening.

According to the new procedures, the DHS will now be scanning Internet accessible addresses and public sectors of federal civilian agency systems for inconsistencies and vulnerabilities on an emergency basis, without the need for agency permission. A new reporting system for vulnerabilities is in place with communication between the agencies and DHS, also including third party contractors and cloud service providers who will need to report identified vulnerabilities they have discovered to the DHS. The DHS will also be responsible for continued deployment of intrusion detection and prevention capabilities as an additional measure to protect the federal department information systems.

Additionally, incident notification guidelines were updated in order to streamline the way networks report cyber security information, eliciting a faster response time from the US-CERT. To view the original article, please click here.

Scroll to Top