Reports Slam DHS on Data Security, Contract Oversight
Computerworld - Two newly released government reports criticize the U.S. Department of Homeland Security for data security and IT contract management shortcomings within the agency's program for controlling and monitoring the entry and visa status of foreign visitors.
The contract management report was publicly released by the Government Accountability Office last Monday, and a partially censored version of the security-related report was made available July 7 by the inspector general's office within the DHS.
The GAO said DHS officials responsible for the U.S. Visitor and Immigrant Status Indicator Technology (US-VISIT) program didn't establish effective financial controls for overseeing work performed on its behalf by other agencies. That includes U.S. Customs and Border Protection, which manages a system that maintains watch-list data and captures passenger arrival and departure information provided by air and sea carriers.
As a result of the oversight problems, the US-VISIT program office didn't understand exactly how much was being spent on contracts or whether the work was being done on time and within budgets, the GAO claimed in the report. It added that the DHS and the other agencies made duplicate payments on invoices and used funds designated for US-VISIT to pay for services that weren't related to the program.
The GAO recommended that DHS Secretary Michael Chertoff direct the US-VISIT program office to take steps designed to strengthen its contract management capabilities.
Room for Improvement
In a written response to the GAO, a DHS official said that although the agency disputes some of the findings in the report, it agrees with the recommendations and recognizes the need for improvement.
The other report, issued by Richard Skinner, inspector general at the DHS, said the agency hasn't properly configured a database in which personal information captured by radio frequency identification (RFID) devices is stored. The security gaps could be exploited to gain unauthorized or undetected access to sensitive data, according to the report.
In a written response, James Williams, director of the US-VISIT program, said steps have already been taken to strengthen account management procedures for the database. However, he disagreed with a recommendation that RFID-specific policies be set. Existing policies cover the security of data, whether it is collected via RFID or other technologies, he said.
Read more about Government IT in Computerworld's Government IT Topic Center.
- Reduce federal infrastructure risk with compliance management and situational awareness IBM continuous monitoring and management solutions deliver real-time situational awareness to help federal agencies understand vulnerabilities, and protect the infrastructure.
- Datacenter eGuide Read on to learn what technologies are essential for high-performing data centers today, and to get a glimpse of what the data center...
- EndPoint Interactive eGuide In this eGuide, Network World, Computerworld, and CIO examine two endpoint trends - BYOD and collaboration - and offer tips and advice on...
- The Business Value of Continuous Delivery Download this whitepaper to learn more about the business value of Continuous Delivery and see why it could be a game changer for...
- Live Webcast How to serve up a Grand Slam with a scalable IT Infrastructure for cloud, big data and advanced analytics Register today to attend this webcast, and see examples of how The U.S. Tennis Association, Wimbledon and U.S. Golf Association are using the...
- Live Webcast Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- Live Webcast IBM FlashSystem V840: Leveraging Software-Defined Flash to Drive Your Business With end-to-end, tightly integrated functionality and super-fast flash technology, products like IBM FlashSystem V840 Enterprise Performance Solution empower businesses to leverage the efficiency...
- It's not too late...Get Your Mobile Questions Answered Live! How can IT provide seamless and secure mobile communications and collaboration for all? Join this live Webcast as IDG asks an expert panel...
- On-demand webinar - 7 Keys to Service Catalog Implementation Success Watch this webinar to learn 7 crucial keys to make your service catalog a success!