Summary: This report reviews the department of Defense's (DOD) implementation of computer incident response capabilities and identifies challenges to improving these. GAO found that during the last several years, DOD has taken several steps to build incident response capabilities and enhance computer defensive capabilities across the Department, including the creation of computer emergency response teams and incident response capabilities within each of the military services as well as the Defense Information Systems Agency and the Defense Logistics Agency. DOD also created the Joint Task Force-Computer Network Defense (JTF-CND) to coordinate and direct the full range of activities within the Department associated with incident response. GAO identified the following six areas in which DOD faces challenges in improving its incident response capabilities: (1) coordinating resource planning and prioritization activities; (2) integrating critical data from intrusion detection systems, sensors, and other devices to better monitor cyber events and attacks; (3) establishing departmentwide process to periodically review systems and networks for security weaknesses; (4) increasing individual unit compliance with departmentwide vulnerability alerts; (5) improving DOD's system for coordinating component-level incident response actions; and (6) developing departmentwide performance measures to assess incident response capabilities.
