Poor management continues to plague Homeland Security, IG reports
Lack of a unified IT infrastructure said to prevent the department from operating effectively.
Management challenges continue to plague the Homeland Security Department, including a failure to integrate the information technology infrastructure across all of the department's agencies, according to a report released Jan. 30 from the DHS inspector general.
The inspector general updates the assessment of management challenges annually, as part of the DHS Annual Financial Report. Past reports have been sharply critical of top management for not making enough progress. This latest report continues in the same vein.
For fiscal year 2007, the biggest management challenges facing DHS included:
- catastrophic disaster response and recovery;
- acquisition management;
- grants management;
- financial management;
- information technology management;
- infrastructure protection;
- border security;
- transportation security; and
- trade operations and security.
Technology remains one of the most formidable management tasks, according to the report, mostly because of DHS' need to integrate systems, networks and applications that agencies had in place before they were consolidated to form the department. Integrating the systems is key to establishing more efficient, reliable communications and information exchange.
A lack of available funds continues to slow DHS' efforts to consolidate data centers. The department did award an eight-year, $800 million contract last year for a secondary data center that will support DHS' primary data center in Mississippi, and it is preparing to award another contract to outsource data management services.
"Several elements of this IT infrastructure do not have the ability to relocate to an alternate site that can be used if their primary facility suffers an extended outage or becomes inaccessible," according to the report. "This inability to restore the functionality of DHS' critical IT systems following a service disruption or disaster could negatively affect accomplishment of a number of essential DHS missions."
The report also referenced continued inconsistencies in compliance with the Federal Information Security Management Act, including DHS' failure to properly execute security policies, procedures and practices, as well as operating under weak configuration management. The report criticized DHS for not completing system certifications and accreditations and also incident detection and analysis, and for not providing proper security training. The IG recommended that the department's chief information officer identify ways to improve the review process and increase the accountability of DHS component organizations.
The report said DHS has yet to implement security controls recommended by the Office of Management and Budget for sensitive data and personally identifiable information, such as identifying those systems that provide access to sensitive information, encrypting laptop computers and implementing remote access security controls.
While progress has been made in ramping up information-sharing capabilities, the report notes the need for continued progress in planning and implementation of the Homeland Security Information Network, DHS' sensitive but unclassified collaboration system. DHS is working to offer user guidance for proper processes, training and reference materials, aligning business processes and requirements and creating cross-functional governances.
The report also points to a lack of an effective strategy for incorporating data-mining into terrorism detection and prevention efforts.