IG: Weak spots still hamper DHS info security

Despite improvements, the Homeland Security Department continues to display significant information security weaknesses that jeopardize the integrity and privacy of department IT programs, according to a new report released by DHS Inspector General Richard Skinner.

The IT Management Letter is part of the fiscal 2005 Financial Statement Audit, which was performed by KPMG LLP accounting firm. The inspector general released it in a redacted form to prevent disclosure of sensitive information.

According to the 77-page management letter, the most significant IT control weaknesses at the agency involve entitywide security, access controls and service continuity.

'Collectively, these IT control weaknesses limit DHS' ability to ensure that critical financial and operational data is maintained in such a manner to ensure confidentiality, integrity and availability,' the report said.

The management letter described the problems as materials weaknesses for financial system security under standards accepted by the Government Accountability Office, which is an arm of Congress.

The audit found a lack of certifications and accreditations; missing and weak user passwords on key servers and databases; absence of necessary security patches; and configurations in which users were not automatically logged off following usage, among other problems.

The IT management later looked at Customs and Border Protection, the Coast Guard, the Federal Emergency Management Agency, Transportation Security Administration, and other agencies.

Alice Lipowicz is a staff writer for Government Computer News' sister publication, Washington Technology.

About the Author

Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.

Featured

  • business meeting (Monkey Business Images/Shutterstock.com)

    Civic tech volunteers help states with legacy systems

    As COVID-19 exposed vulnerabilities in state and local government IT systems, the newly formed U.S. Digital Response stepped in to help. Its successes offer insight into existing barriers and the future of the civic tech movement.

  • data analytics (Shutterstock.com)

    More visible data helps drive DOD decision-making

    CDOs in the Defense Department are opening up their data to take advantage of artificial intelligence and machine learning tools that help surface insights and improve decision-making.

Stay Connected