IG: DHS data centers at risk

Centers have multiple vulnerabilities

The Homeland Security Department set up a huge data center on the Mississippi Gulf Coast in 2006 without considering protections against hurricanes, power outages and perimeter security threats, according to a new report from DHS Inspector General Richard Skinner.

Also, DHS did not consider possible risks to its Data Center 1 from rocket testing vibrations two miles away and from possible environmental contamination at the former weapons plant, the report said.

A second DHS data center in Clarksville, Va., did not fare much better. The department failed to consider the possible risks of locating Data Center 2 within several feet of two 25,000-gallon diesel fuel storage tanks, the report said.

The data centers were created to consolidate information technology systems from more than a dozen data centers. The two new centers are to serve as backups for each other to maintain operation of critical departmental IT systems, especially after a disaster.

However, due to shortcomings in risk assessments, the data centers may be vulnerable to breakdown, according to the report, which was posted May 7 on the Web.

“The DHS risk assessments for Data Center 1 and Data Center 2 are out of date and incomplete," the IG wrote. "Additionally, there are unmitigated threats and vulnerabilities at Data center 1 and Data Center 2 that may impact their ability to conduct normal operations."

Also, the new data centers do not have interconnecting circuits and redundant hardware to establish a capability of actively backing up each other. In addition, DHS has not provided alternative processing sites for all critical departmental information systems, and disaster recovery guidance does not conform fully to government standards, the report said.

In May 2005, the IG identified deficiencies in DHS’ ability to restore its mission-critical IT systems after a service disruption from a disaster. In response, the department established the two new data centers,.

In 2008, DHS awarded a multiyear contract with a maximum value of $391 million to Computer Sciences Corp. to manage Data Center 1 at the John C. Stennis Space Center.

DHS also awarded a multiyear contract not to exceed $820 million to Electronic Data Systems to operate the second data center at a contractor-owned and -operated facility in Clarksville, Va.

DHS officials agreed with the inspector general’s recommendation to perform additional risk assessments for both data centers, and they said those assessments would be performed by the end of 2009, according to a management response attached to the report. Departmental officials generally agreed with the other recommendations as well.

About the Author

Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.

Reader comments

Tue, May 19, 2009 John Sand Washington DC

They took the web site down. Good thing I downloaded it.

Tue, May 19, 2009

The link to the report no longer works. HAs the report been removed from DHS's web stie

Mon, May 18, 2009

The SES Manager responsible for the DHS Data Centers has been repsonsible for the program since its start. Perhaps that's a place to start with the action that "Ron" suggested in the first comment above.

Mon, May 18, 2009 John Sand Washington DC

I notified the DHS OIG about the FOR OFFICIAL USE ONLY infomation that was exposed in thier report. I was told that the information was redacted but you can see that it clearly was not.

Fri, May 15, 2009 Ron

Several sniveling servants should be losing their jobs, and the contractors should be losing their contracts. Newly build data centers that do not have adequate disaster recovery preparation. The article says they were built specifically for that reason.

Show All Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above