DHS asset database can't support vaunted infrastructure protection plan
- By Wilson P. Dizard III
- Jul 12, 2006
The Homeland Security Department's database of critical infrastructure and key resources is so faulty that it does not serve as a useful basis for making decisions about how to protect national resources, the department's inspector general said in a new report
The IG's report noted that flawed data-gathering methods had led state officials to submit irrelevant and even comical assets for inclusion in the critical asset inventory.
The database's alleged shortcomings cast into high relief the department's public claim in late June that DHS had completed the National Infrastructure Protection Plan
(NIPP) to protect physical assets and cyberspace, which in turn relies on the National Asset Database that the report analyzed.
The White House mandated the database in Homeland Security Presidential Directive 7, issued on Dec. 17, 2003. Since then, DHS has been building the risk-management framework needed to support the NIPP. The Preparedness Directorate's Office of Infrastructure Protection is still identifying and collecting data about critical infrastructure and key resources, according to the report.
On June 30, deputy secretary for preparedness George Foresman hailed the release of the infrastructure protection plan, saying in a statement that 'the NIPP formalizes and strengthens existing critical infrastructure partnerships and creates the baseline for how the public and private sectors will work together to build a safer, more secure and resilient America.'
But the IG report cited several deep flaws in the database that underlie the plan, including:
- The database's failure to distinguish the criticality of the approximately 77,000 assets it includes;
- The databases' failure to provide a comprehensive picture of national assets
- The need to develop more sophisticated tools to assess risks associated with various assets
- The need for substantial additional work to complete the database.
The IG report specified multiple flaws that arose in the process of building the database, such as missing ZIP codes, missing facility names and language translation problems. At one point, 'officials estimated that on average each [critical infrastructure/key asset] record they researched was missing information for about seven fields,' according to the report. Department officials progressively improved the methods of gathering and processing the data over the past three years, the report added.
The IG analysts predicted that the database could eventually grow to hundreds of thousands of records.
'Groundhog Zoo' pinpointed
Much of the information in the database came from state agencies, which lacked familiarity with identifying the most critical assets. As a result, the report cited some out-of-place assets, such as:
- Amish Country Popcorn
- Bourbon Festival
- Groundhog Zoo
- High Stakes Bingo
- Kangaroo Conservation Center
- Mule Day Parade
- Nix's Check Cashing.
The IG staff members urged DHS to screen the out-of-place assets, allow state officials to change their submissions, review project milestones and clarify their guidance to state agencies.
DHS officials took issue with some of the report's conclusions. In a written response included in the report, Preparedness Directorate officials stressed that the database project had suffered from a lack of funds and personnel. They also cited the directorate's continuing improvements to the database. Finally, the DHS officials maintained that the database is an asset inventory that provides a 'universe,' or complete list, of assets that can be winnowed in various ways by various reports to extract needed information.