DHS earns kudos for tightening security on intelligence systems
Report says DHS minimized security risks to IT systems with top-secret data
The Homeland Security Department has significantly minimized the security risks with its intelligence systems, according to a report from the department’s inspector general.
The department made the improvements by dealing with security vulnerabilities that the IG identified in an evaluation of fiscal 2007, according to the summary report
released on the IG’s Web site July 8. The IG said a more recent evaluation showed that DHS had dealt with 10 of the 14 recommendations the office had previously made that related to the department’s security program for top secret/sensitive compartmented information systems.
“Overall, the information security procedures have been documents and controls have been implemented, providing an effective level of security for the department’s intelligence systems,” the report states.
However, the IG also said the department hadn’t yet implemented all of the department’s recommendations and suggested that the head of intelligence and analysis at DHS take those actions. The IG also recommended the department’s Office of the Chief Information Officer deal with “system-control issues” identified during the IG’s review.
The report said DHS’ Office of Intelligence and Analysis concurred with the IG’s recommendations and provided proposed plans of action to fix the problems. The report was based on fieldwork conducted between May and October of 2008.
The IG’s evaluation focused on security program management, implementation and system administration of the department’s intelligence systems. The report said the IG primarily assessed the plan of action and milestones, system certification and accreditation, incident-reporting processes, and its security-awareness training program. The evaluation was done according to annual requirements of the Federal Information Security Management Act.
The report said over the past year, DHS had finalized its guidance for personnel handling its intelligence systems, and had certified and accredited its classified network extension. The IG also said the Coast Guard’s intelligence systems were put under DHS’ Office of Intelligence and Analysis.
Ben Bain is a reporter for Federal Computer Week.