DHS secure network was rushed, IG says

The Homeland Security Department's $337 million network for sharing top-secret data was developed in a rush, and as a result is inadequate and does not meet the needs of its users, according to a new report by the department's Acting Inspector General Richard L. Skinner.

Department officials developing the Homeland Security Secure Data Network hurried to finish the job in nine months because they believed they would be cut off from the Pentagon's secure data network by a Dec. 31, 2004 deadline, the inspector general said.

"However, this accelerated schedule prevented DHS from adequately completing critical system development requirements," the IG report stated. "Specifically, the methods for collecting and documenting the functional and security needs of users during the requirements definition phase for the new network did not provide adequate assurance that user needs at the 600 sites will be met."

The 600 sites referred to are DHS intelligence gathering units and federal, state and local agencies involved in homeland security.

Also, some testing and security implementation requirements had not been completed as of November 2004, the audit stated.

"Without completing and documenting these activities in sufficient time for review and adjustment to eliminate or mitigate risk, DHS does not have assurance that HSDN complies with security standards and practices," the report said.

The inspector general is recommending that all system users be involved in defining its requirements in the future, and that completion of all testing be verified before deployment.

The data network, which was organized by the Office of the CIO, is intended to provide secure connections for sharing top-secret and classified data. In April 2004, a contract to initiate implementation of the system was awarded to Northrop Grumman Corp., with a potential value of more than $350 million.

Responding to the report, CIO Steve Cooper wrote that the program has established a senior position to ensure that users are involved in the planning of future requirements for the program.