Reports Slam DHS on Data Security, Contract Oversight
Computerworld - Two newly released government reports criticize the U.S. Department of Homeland Security for data security and IT contract management shortcomings within the agency's program for controlling and monitoring the entry and visa status of foreign visitors.
The contract management report was publicly released by the Government Accountability Office last Monday, and a partially censored version of the security-related report was made available July 7 by the inspector general's office within the DHS.
The GAO said DHS officials responsible for the U.S. Visitor and Immigrant Status Indicator Technology (US-VISIT) program didn't establish effective financial controls for overseeing work performed on its behalf by other agencies. That includes U.S. Customs and Border Protection, which manages a system that maintains watch-list data and captures passenger arrival and departure information provided by air and sea carriers.
As a result of the oversight problems, the US-VISIT program office didn't understand exactly how much was being spent on contracts or whether the work was being done on time and within budgets, the GAO claimed in the report. It added that the DHS and the other agencies made duplicate payments on invoices and used funds designated for US-VISIT to pay for services that weren't related to the program.
The GAO recommended that DHS Secretary Michael Chertoff direct the US-VISIT program office to take steps designed to strengthen its contract management capabilities.
Room for Improvement
In a written response to the GAO, a DHS official said that although the agency disputes some of the findings in the report, it agrees with the recommendations and recognizes the need for improvement.
The other report, issued by Richard Skinner, inspector general at the DHS, said the agency hasn't properly configured a database in which personal information captured by radio frequency identification (RFID) devices is stored. The security gaps could be exploited to gain unauthorized or undetected access to sensitive data, according to the report.
In a written response, James Williams, director of the US-VISIT program, said steps have already been taken to strengthen account management procedures for the database. However, he disagreed with a recommendation that RFID-specific policies be set. Existing policies cover the security of data, whether it is collected via RFID or other technologies, he said.
Read more about Government IT in Computerworld's Government IT Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
Changing the Way Government Works: Four Technology Trends that Drive Down Costs and Increase Productivity
This paper discusses four technology-based approaches to improving processes and increasing
productivity while driving down department and agency costs.
- Pay-as-you-Grow Data Protection: IBM Tivoli's Full-featured Data Protection Suite for Small to Medium Businesses IBM Tivoli Storage Manager Suite for Unified Recovery gives small and medium businesses the opportunity to start out with only the individual solutions...
- Streamline Data Protection with IBM Tivoli Storage Manager Operations Center IBM Tivoli Storage Manager (TSM) has been an industry-standard data protection solution for two decades. But, where most competitors focus exclusively on Backup...
- Simplify and Consolidate Data Protection for Better Business Results Learn about IBM® Tivoli® Storage Manager Operations Center, which provides advanced visualization, built-in analytics and integrated workflow automation features that leapfrog traditional backup...
- Live Webcast Best Practices for the Hyperconverged Enterprise Network To the Age of Constant Connectivity and Information overload
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well...
- The New Way to Work Knowledge Vault This Knowledge Vault focuses on how, in today's increasingly virtual world, it's more important than ever to engage deeply with employees, suppliers, partners,...