Reports Slam DHS on Data Security, Contract Oversight
Computerworld - Two newly released government reports criticize the U.S. Department of Homeland Security for data security and IT contract management shortcomings within the agency's program for controlling and monitoring the entry and visa status of foreign visitors.
The contract management report was publicly released by the Government Accountability Office last Monday, and a partially censored version of the security-related report was made available July 7 by the inspector general's office within the DHS.
The GAO said DHS officials responsible for the U.S. Visitor and Immigrant Status Indicator Technology (US-VISIT) program didn't establish effective financial controls for overseeing work performed on its behalf by other agencies. That includes U.S. Customs and Border Protection, which manages a system that maintains watch-list data and captures passenger arrival and departure information provided by air and sea carriers.
As a result of the oversight problems, the US-VISIT program office didn't understand exactly how much was being spent on contracts or whether the work was being done on time and within budgets, the GAO claimed in the report. It added that the DHS and the other agencies made duplicate payments on invoices and used funds designated for US-VISIT to pay for services that weren't related to the program.
The GAO recommended that DHS Secretary Michael Chertoff direct the US-VISIT program office to take steps designed to strengthen its contract management capabilities.
Room for Improvement
In a written response to the GAO, a DHS official said that although the agency disputes some of the findings in the report, it agrees with the recommendations and recognizes the need for improvement.
The other report, issued by Richard Skinner, inspector general at the DHS, said the agency hasn't properly configured a database in which personal information captured by radio frequency identification (RFID) devices is stored. The security gaps could be exploited to gain unauthorized or undetected access to sensitive data, according to the report.
In a written response, James Williams, director of the US-VISIT program, said steps have already been taken to strengthen account management procedures for the database. However, he disagreed with a recommendation that RFID-specific policies be set. Existing policies cover the security of data, whether it is collected via RFID or other technologies, he said.
Read more about Government IT in Computerworld's Government IT Topic Center.
Changing the Way Government Works: Four Technology Trends that Drive Down Costs and Increase Productivity
This paper discusses four technology-based approaches to improving processes and increasing
productivity while driving down department and agency costs.
- Path Selection Infographic Path Selection Infographic
- Hyperconvergence Infographic A wide range of observers agree that data centers are now entering an era of "hyperconvergence" that will raise network traffic levels faster...
- Preparing Your Infrastructure for the Hyperconvergence Era From cloud computing and virtualization to mobility and unified communications, an array of innovative technologies is transforming today's data centers.
- Live Webcast Best Practices: How to Improve Business Continuity with Virtualization VMware solutions include a range of business continuity capabilities to help ensure availability for applications across your virtualized environment. Learn More>>
- Live Webcast
Transforming Finance, Procurement and Supply Chain Effectiveness with Cross-Functional Analytics
Date: May 6th, 2014
Time: 1 PM EDT
Attend this Webcast to find out how Oracle's packaged analytic applications enable line-of-business managers to examine all...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- Cloud Knowledge Vault Learn how your organization can benefit from the scalability, flexibility, and performance that the cloud offers through the short videos and other resources...
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?