IG: Coast Guard IT controls leave TSA data vulnerable

DHS IG report


Information technology management problems at the U.S. Coast Guard are causing concerns about the Transportation Security Administration's financial and operational data, according to an inspector general's report.

The problem is that the Coast Guard, which hosts several key financial applications for TSA, needs to improve the internal controls over its information systems and processes, according to the recent report by the Department of Homeland Security's Inspector General.

The agency has made some gains since an earlier audit by the IG's office, but more needs to be done, according to the report. Until that happens, the confidentiality, integrity and availability of the TSA data cannot be assured, the report states.

The redacted report does not identify the particular system in question, but the problems, according to the document, stem from challenges related to the merging of numerous IT functions and processes, as well as overall organizational shortages.

In some cases, auditors found instances of missing or weak user passwords and missing or poorly configured security patches. They found that weaknesses in some system software could enable users to skirt security control and allow authorized system users to gain unauthorized access to certain system privileges.

Application software development and change control procedures were also found to be inconsistent with both DHS and federal guidance, the IG said. For example, auditors found incomplete documentation of risk assessments for software patches and for test plans and their results.

Officials at both TSA and the Coast Guard agreed with the observations in the report, which covered fiscal year 2005. However, agency officials also responded that they had already begun to address many of the weaknesses in fiscal 2006 and that the remainder would be tackled during fiscal 2007.

About the Author

Brian Robinson is a freelance writer based in Portland, Ore.

Featured

  • Cybersecurity
    CISA chief Chris Krebs disusses the future of the agency at Auburn University Aug. 22 2019

    Shared services and the future of CISA

    Chris Krebs, the head of the Cybersecurity and Infrastructure Security Agency at DHS, said that many federal agencies will be outsourcing cyber to a shared service provider in the future.

  • Telecom
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA softens line on looming EIS due date

    Think of the September deadline for agencies to award contracts under the General Services Administration's $50-billion telecommunications contract as a "yellow light," said GSA's telecom services director.

  • Defense
    Shutterstock photo id 669226093 By Gorodenkoff

    IC looks to stand up a new enterprise IT program office

    The intelligence community wants to stand up a new program executive office to help develop new IT capabilities.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.