DHS IT security smacked again

The Homeland Security Department's forlorn IT security came in for another pasting this month from the department's inspector general and from Sen. Judd Gregg (R-N.H.), chairman of the Senate Appropriations Subcommittee on Homeland Security.

The agency's IT security has been the subject of several critical reports and evaluations, and DHS has earned three consecutive failing grades in its annual IT security evaluation under the Federal Information Security Management Act.

Gregg praised DHS officials for pledging to address the problems raised in the three reports. Homeland Security CIO Scott Charbo responded with detailed letters describing DHS' plans to improve database security and manage the agency's OneNet network.

DHS officials responsible for IT used in border security submitted a detailed reply to an IG report on border systems.

During a time when the government is spending billions on security, Gregg said, it is unacceptable that DHS has failed to properly manage and secure its systems.

"The reports of threats posed by holes in the department's information technology and infrastructure are a concern," Gregg said. "The U.S. Visit program, for example, is a major IT investment, and the department must concentrate on this program operating effectively."

The IG reports include extensive blank spaces that omit sensitive IT security information about issues such as database configuration guidelines and security.

The IG reported that DHS officials have not yet fully aligned their databases with Federal Information Security Management Act procedures, failing, for example, to test and evaluate security controls and to integrate security control costs into system lifecycle costs, among other issues.

The auditors said DHS had not followed its own procedures to clear an upgrade of the agency's wide area network, and had relied on a network security operation at Immigration and Customs Enforcement rather than creating a separate security operations center. They noted ineffective network monitoring and the lack of interconnection service agreements as additional problems with the WAN.


Government Computer News' Wilson Dizard can be reached at wdizard@postnewsweektech.com.
