Watchdog rips IT management at Secret Service

Jason Chaffetz

Rep. Jason Chaffetz (R-Utah) wants the Secret Service to relinquish authority over cybersecurity investigations in the wake of a critical watchdog report.

The Secret Service's IT management is troubling, according to a report from the Department of Homeland Security's Office of Inspector General.

The report is a follow-up to an audit conducted in 2015 after the discovery that dozens of Secret Service employees had accessed a 2003 job application submitted by Rep. Jason Chaffetz (R-Utah) without authorization.

Chaffetz did not get the job at the Secret Service, but as chairman of the House Oversight and Government Reform Committee, he now has some say in the agency's oversight.

"The Secret Service believes they have a core mission to protect the nation's financial infrastructure from cyber-related crimes, yet can't keep their own systems secure," Chaffetz said in an Oct. 14 statement in response to the report. "Despite past warnings, [the Secret Service] is still unable to assure us their IT systems are safe."

Chaffetz wants the agency's cybersecurity responsibilities moved elsewhere. "They lack the right personnel to do the job, and senior leadership isn't accountable," he said.

An OIG investigation in 2015 found that 45 Secret Service agents had used an internal email system to distribute a screenshot of a database record that contained Chaffetz's personally identifiable information, including Social Security number and date of birth. The information was also leaked to two media outlets.

The latest report concludes that the agency has not adequately protected the data in case management systems and that IT management poses persistent problems.

The report calls the agency's IT management "ineffective" and cites scant security plans, systems with expired authorities to operate, insufficient access and audit controls, noncompliant logical access requirements, and inadequate privacy protections.

IT management at the agency had not been a priority, the report states. In addition, its CIO did not have authority over all IT resources and was not positioned to provide adequate oversight of systems agencywide.

The Secret Service also lagged in updating IT policy to reflect current processes and was plagued with high turnover and vacancies in the CIO's office.

The OIG said the Secret Service moved to right the situation in late 2015 by centralizing all IT resources under a full-time CIO and drafting plans to improve IT governance. The OIG added that it told the Secret Service as far back as 2013 that it needed to give the CIO agencywide authority over the IT budget and investment review.

In addition, the Secret Service has attempted to clean up its recordkeeping practices. The agency held onto some personnel data, such as job applications, for decades when a five-year retention period would have sufficed, the report states.

However, the OIG said that until those changes are fully implemented, the agency's systems and data will remain vulnerable to unauthorized access and leaks.

Chaffetz has asked the OIG to conduct further inquiries into the Secret Service's mishandling of personally identifiable information.

About the Author

Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.

Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, tele.com magazine and Wireless Week.

Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.

Click here for previous articles by Rockwell. Contact him at mrockwell@fcw.com or follow him on Twitter at @MRockwell4.


  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.