DHS IT security smacked again

The Homeland Security Department's forlorn IT security came in for another pasting this month from the department's inspector general and from Sen. Judd Gregg (R-N.H.), chairman of the Senate Appropriations Subcommittee on Homeland Security.

The agency's IT security has been the subject of several critical reports and evaluations, and DHS has earned three consecutive failing grades in its annual IT security evaluation under the Federal Information Systems Management Act.

Gregg praised DHS officials for pledging to address the problems raised in the three reports. Homeland Security CIO Scott Charbo responded with detailed letters describing DHS' plans to improve database security and managing the agency's OneNet network.

DHS officials responsible for IT used in border security submitted a detailed reply to an IG report on border systems.

During a time when the government is spending billions on security, Gregg said, it is unacceptable that DHS has failed to properly manage and secure its systems.

"The reports of threats posed by holes in the department's information technology and infrastructure are a concern," Gregg said. "The U.S. Visit program, for example, is a major IT investment, and the department must concentrate on this program operating effectively."

The IG reports include extensive blank spaces that omit sensitive IT security information about issues such as database configuration guidelines and security.

The IG reported that DHS officials have not yet fully aligned their databases with Federal Information Security Management Act procedures, failing, for example, to test and evaluate security controls, to integrate security control costs into system lifecycle costs, among other issues.

The auditors said DHS had not followed its own procedures to clear an upgrade of the agency's wide area network, and had relied on a network security operation at Immigration and Customs Enforcement rather than creating a separate security operations center. They noted ineffective network monitoring and the lack of interconnection service agreements as additional problems with the WAN.


Government Computer News' Wilson Dizard can be reached at wdizard@postnewsweektech.com.

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

What is your e-mail address?

My e-mail address is:

Do you have a password?

Forgot your password? Click here
close
SEARCH
 Top 100 Slideshow
contracts DB

Trending

  • Dive into our Contract Award database

    In an exclusive for WT Insider members, we are collecting all of the contract awards we cover into a database that you can sort by contractor, agency, value and other parameters. You can also download it into a spreadsheet. Read More

  • Is SBA MIA on contractor fraud? Nick Wakeman

    Editor Nick Wakeman explores the puzzle of why SBA has been so silent on the latest contractor fraud scandal when it has been so quick to act in other cases. Read More

Webcasts