IG: Homeland Security IT systems not disaster-ready

The Homeland Security Department is not adequately prepared to recover its IT systems following a disaster, according to a new report from the department’s acting inspector general, Richard Skinner.

Fifteen of the 19 IT facilities reviewed at the department either had no recovery sites or their recovery sites were not fully operational, the IG found.

Four IT programs that did have working recovery sites displayed significant shortcomings. “Tests at those facilities revealed deficiencies that could adversely impact recovery of critical IT systems,” the report said.

The flaws in disaster capabilities could lead to disruptions and delays in the 19 IT systems examined, which include systems for screening passengers at airports, processing grants following a disaster and screening the flow of goods across borders, according to the report.

“The inability to restore DHS’ critical IT systems following a disaster could have negative effects on the performance of mission-essential functions,” the IG said.

Planning documents for continuity of operations also were inadequate, with deficiencies in 25 of the 31 documents reviewed. Thirteen DHS contingency planning documents “had not been finalized” to date, the IG said.

To remedy the problems, the IG is recommending the department implement an “enterprisewide disaster recovery solution.” The department should require that new IT systems include disaster recovery capabilities, and that recovery planning and documentation should be finished.

The IG reviewed department compliance with Federal Preparedness Circular 65 issued by the Federal Emergency Management Agency in June 2004. It specifies steps to be taken to prepare to continue essential functions of federal agencies in the event of an emergency.

The guidance requires that agencies must be able to shift to emergency status within 12 hours without advance warning, develop capabilities to support the agency during emergency status and to regularly test those capabilities.

“The disaster recovery sites for the reviewed DHS facilities were either not available, not fully operational or had identified deficiencies,” the report said. “The disaster recovery sites for all 19 facilities lacked adequate capabilities to prevent service disruptions from potentially affecting DHS’ ability to either respond to a threat or to mitigate the effects of the disaster.”

Six IT facilities had no recovery site at all. “At these six facilities, there were a total of 383 servers and nine mainframe systems,” the IG said.

By those criteria, the department fell short, according to the redacted version of the report posted on the IG’s Web site.

In their written response, included within the IG report, department officials agreed with the recommendations.

Alice Lipowicz is a staff writer for Government Computer News’ sister publication, Washington Technology.

About the Author

Connect with the GCN staff on Twitter @GCNtech.


  • Congress
    U.S. Capitol (Photo by M DOGAN / Shutterstock)

    Funding bill clears Congress, heads for president's desk

    The $1.3 trillion spending package passed the House of Representatives on March 22 and the Senate in the early hours of March 23. President Trump is expected to sign the bill, securing government funding for the remainder of fiscal year 2018.

  • 2018 Fed 100

    The 2018 Federal 100

    This year's Fed 100 winners show just how much committed and talented individuals can accomplish in federal IT. Read their profiles to learn more!

  • Census
    How tech can save money for 2020 census

    Trump campaign taps census question as a fund-raising tool

    A fundraising email for the Trump-Pence reelection campaign is trying to get supporters behind a controversial change to the census -- asking respondents whether or not they are U.S. citizens.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.