A few steps forward at DHS, a few steps back
As the government’s homeland security operations mature, its IT functions appear less like a helpless newborn and more like an energetic if fumbling toddler.
The agencies assigned to defend America against terrorism have made serious missteps identified by lawmakers and other federal overseers, but they also are making strides.
The Homeland Security Department, now in its second year of operations, has made progress in consolidating its gaggle of overlapping systems, shoring up its frail systems security and creating an enterprise architecture governance authority. And the FBI’s Terrorist Screening Center has deployed an early version of its long-awaited consolidated watch list.
But DHS’ own inspector general has criticized the department for a long list of IT weaknesses. And a congressional panel offered criticism and caveats for the screening center.
“IT remains a major management challenge for the department,” the IG’s office said in its report.
The problems include weak systems security, the lack of a detailed enterprise architecture, difficulties providing consolidated IT and administrative support to component agencies, and uneven financial management.
“DHS has also struggled to prepare a detailed and accurate listing of its procurements,” the IG noted. “The data DHS has received to date has come from 22 different sources, does not provide total contract award information and has not been independently validated.”
But DHS officials, while acknowledging plenty of work ahead, point to some success in consolidating systems and shoring up security.
DHS plans to buttress its compliance with the Federal Information Security Management Act by deploying a commercial application for reporting security data, finding security weaknesses, monitoring fixes and managing self-assessments.
The department’s CIO, Steve Cooper, last month described the security application as “Trusted Agent FISMA” in testimony before the House Select Homeland Security Subcommittee on Cybersecurity, Science, and R&D.FISMA deployed
DHS already has deployed the FISMA application across the department, and officials have used it to generate an initial quarterly report, Cooper said.
To improve IT oversight, DHS last week held the first meeting of its Enterprise Architecture Board, which will review the nearly 300 projects to be included in the fiscal 2006 budget. “That is a daunting task for an organization,” Cooper said.
Meanwhile, the FBI’s screening center last month deployed the first version of the Terrorist Screening Database.
The center plans to create a real-time, integrated edition of the database by December, said its director, Donna A. Bucella.
The database now contains more than 120,000 names gleaned from more than 12 government databases maintained by nine agencies, Bucella said at a joint hearing of the House Homeland Security Select Committee and Judiciary Committee.
Lawmakers greeted Bucella’s description of the database project with varying degrees of praise for the work accomplished, criticism of delays and alarm about the lack of a clear way to correct watch list errors.
Bucella said center officials still are sifting through data and have not fully populated the list. Outside agencies can’t yet access the database, and the center’s response time can stretch to 20 minutes or longer as officials check highly classified databases.
Rep. Jim Turner (D-Texas), ranking member of Homeland Security, said delays in fielding the watch list mean that “someone could still slip through the cracks because the government is not able, in real time, to check a name against every available watch list of known or suspected terrorists. ... This is put together with spit and baling wire.”
Bucella said the center has been responding to inquiries from police dispatchers, border patrol agents and other officials since December. It advises callers to arrest suspects, question and release them, record information about them or let them pass freely.
The center has developed methods for removing names from its database, Bucella said. But there’s no way for members of the public to challenge their inclusion in it or other government terrorist databases.
Connect with the GCN staff on Twitter @GCNtech.