Nearly half of federal agencies are not sharing documented incidents of potential terrorist activity with U.S. intelligence centers, according to officials in the Office of the Director of National Intelligence.
The Homeland Security and Justice departments since 2008 have been teaching federal officials and police to deposit, through a secure network, reports of suspicious behavior while being mindful of civil liberties. The point of the technology is to piece together terrorist plots before they are executed.
But, some criminal justice experts say, a major obstacle is dampening the initiative. Work is slow-going in connecting local agencies to fusion centers, intelligence facilities partly funded by the government that vet reports for possible distribution through the Nationwide Suspicious Activity Reporting Initiative. Nearly half—46 percent—of federal departments told ODNI that they were not frequently sharing leads. In a new report to Congress, the Information Sharing Environment, an agency within ODNI, stated that 16 percent of agencies said that they never submit notices, 15 percent reported they rarely file and 15 percent said they sometimes share.
“This is a serious problem because unless we are able to convince all the local agencies to participate and to submit their SARs to the fusion center, we create the very real possibility that we will miss detecting the next Mohammed Atta who goes around taking flying lessons and passing up on the lecture of how to land his aircraft,” says Paul Wormeli, Integrated Justice Information Systems Institute executive director emeritus and a consultant on the project. Atta allegedly hijacked one of the airplanes that crashed into the World Trade Center on Sept. 11, 2001.
The Obama administration has drafted plans to require federal contractors to adopt cybersecurity safeguards for equipment that transmits government information.
NASA, the Defense Department and the General Services Administration released the draft rules. Under the plan, doing
business with the government would be contingent on agreeing to protect corporate-owned devices and federal data on websites.
The administration wants antivirus or antispyware mechanisms, and prompt installation of software patches and security updates. Federal data posted to company Web pages must be secured through passwords or other restrictions. Information and equipment also would have to be guarded by one physical element, such as a locked case, and one digital defense, such as a login.
NASA reported 5,408 computer security incidents in 2010 and 2011 in which outsiders installed malicious software or accessed systems. And during a cyber strike on a defense contractor in 2011, attackers excised 24,000 files related to weapons systems.
The Interior Department is considering purchasing a mobile device management product that will allow it to remotely update, manage, monitor, and shut down or wipe employees’ smartphones and tablets even when they are traveling abroad.
Interior “has recognized a real threat to the integrity of electronic devices on international travel,” the request for information states.
A device that is compromised abroad could go on to infect other parts of Interior’s systems, according to the documents.
Roger Baker, the Veterans Affairs Department chief information officer, promises that VA will have a paperless claims processing system installed in all its regional offices next year, none too soon for the Veterans Benefits Administration employees in North Carolina whose safety is threatened by mountains of paper files.
The VA inspector general reported that the VBA office in Winston-Salem has so many backlogged claims that employees have stacked 37,000 paper files on top of file cabinets, on the floor and in boxes along the walls.
These foothills of files have “the potential to compromise the structural integrity of the sixth floor of the facility. We noticed floors bowing under the excess weight to the extent that the tops of file cabinets were noticeably unlevel throughout the storage area,” the IG said.
That’s a serious records management problem.