GAO reports laundry list of DHS shortcomings
- By William Jackson
- Jul 16, 2004
The Homeland Security Department's failure to implement a long list of recommendations for improving its operations and management has left security vulnerabilities in the nation's borders and infrastructure, the Government Accountability Office said.
The troubled Computer Assisted Passenger Prescreening System II was the target of seven recommendations concerning the system's development, oversight and IT security.
None of those issues has been addressed by the Transportation Security Administration. Instead, HSD has put CAPPS II on hold pending a major overhaul of the system.
The status report on recommendations to DHS and its legacy agencies was produced at the request of Rep. Jim Turner (D-Texas), ranking member of the House Select Committee on Homeland Security.
Turner released the report today.
GAO identified 104 key recommendations made to DHS or its constituent agencies between March 1997 and March 2004. The report said the recommendations 'reflect actions we believe should be taken either to aid in securing the nation's homeland or to swiftly and appropriately respond to future terrorist attacks.'
As of June 28, only 40 of the recommendations had been implemented. The bulk of the outstanding recommendations are in the Border and Transportation Security Directorate.
'Effective implementation of the remaining 33 recommendations related to the BTS directorate could result in reducing the nation's current security vulnerabilities in such activities as passenger screening, border security and ports of entry,' the report concluded.
'While some progress has been made, many responsibilities given to the new department by Congress have yet to be completed,' Turner said. 'We need to regain our sense of urgency and implement the remaining recommendations now to strengthen our borders and ports.'
CAPPS II was intended to compare airline passenger information from airlines with information from other government and private databases to create a risk profile for each traveler. It has been widely criticized as a threat to privacy. One complaint has been that no effective mechanism for challenging erroneous information has been included in the system.
That issue was among the seven recommendations aimed by GAO at CAPPS II which TSA has not addressed:
- Policies are needed detailing appeal rights of passengers and ability to correct data.
- Oversight mechanisms including reporting requirements for the system are needed.
- Performance goals are needed to evaluate effectiveness, including the system's ability to generate reliable risk scores.
- A policy is needed for accuracy testing of databases before the system is put into operation and for stress testing to ensure that the system can meet peak load requirements.
- A schedule is needed for finalizing security policy, risk assessment, and system certification and accreditation.
- A system is needed to track the development process and ensure that functionality is delivered on time.
- A schedule is needed for the functionality to be delivered in each increment of the system, with milestones for delivering this functionality.
William Jackson is a Maryland-based freelance writer.