Infrastructure

OIG: USPS not prepared for IT blackout

United States Postal Service logo. 

The U.S. Postal Service may be ill-prepared to fulfill essential operations in the event of an IT outage, according to a recent inspector general report.

The Post Office is required to have continuity of operations plans in place to prepare for a range of possible disruptions to normal postal operations, whether they're due to tech failures, cyber attacks or natural causes, such as rain, sleet, snow or gloom of night. 

But the IG found that USPS's IT management lacks complete continuity of operations plans, and USPS does not annually train personnel responsible for executing them.

To complement those emergency plans, IT management developed what it calls functional working group annex plans that address "essential information technology operations."

However, in a report dated March 29 and released publicly April 6, the IG found IT management's plans to be lacking.

Auditors found that USPS IT management did not annually review, update and test the plans. At least one of the plan sets had not been updated in years. The IG redacted the number of plans and when the most recent update took place from the report. (FCW has filed a FOIA request for an unredacted copy of the report.)

The watchdog also found that all of the plans reviewed had former employees listed as points of contact. 

The plans were also missing key requirements, such as identifying critical information system assets, alternative telecommunications services and procedures for using alternative processing centers that do not face the same threats as the initial site.

Additionally, auditors reported that USPS IT management did not provide annual training for personnel responsible for carrying out the plans. They warn that untrained staff "may not have the skills required to support essential functions" during a disruption of normal operations.

The IG noted that, during the audit, USPS took corrective action and began training its personnel to handle continuity of operations plans.

"These issues occurred because Postal Service Management did not have a policy that defined requirements for managing" the functional working group annex plans, the report stated.

Auditors also noted that the USPS information security handbook "references a non-existent management instruction policy … that was never finalized or published."   

The IG recommended USPS management to develop a policy for managing IT continuity of operations plans that includes annual reviews, updates and testing, based on federal directives and best practices, and to require annual training for all personnel responsible for carrying out the plan's responsibilities.

USPS management generally agreed with the two findings. Management also told the IG that it has begun to take corrective action and will complete each recommendation by Sept. 30.

About the Author

Chase Gunter is a staff writer covering civilian agencies, workforce issues, health IT, open data and innovation.

Prior to joining FCW, Gunter reported for the C-Ville Weekly in Charlottesville, Va., and served as a college sports beat writer for the South Boston (Va.) News and Record. He started at FCW as an editorial fellow before joining the team full-time as a reporter.

Gunter is a graduate of the University of Virginia, where his emphases were English, history and media studies.

Click here for previous articles by Gunter, or connect with him on Twitter: @WChaseGunter

Rising Stars

Meet 21 early-career leaders who are doing great things in federal IT.

Featured

  • SEC Chairman Jay Clayton

    SEC owns up to 2016 breach

    A key database of financial information was breached in 2016, possibly in support of insider trading, said the Securities and Exchange Commission.

  • Image from Shutterstock.com

    DOD looks to get aggressive about cloud adoption

    Defense leaders and Congress are looking to encourage more aggressive cloud policies and prod reluctant agencies to embrace experimentation and risk-taking.

  • Shutterstock / Pictofigo

    The next big thing in IT procurement

    Steve Kelman talks to the agencies that have embraced tech demos in their acquisition efforts -- and urges others in government to give it a try.

  • broken lock

    DHS bans Kaspersky from federal systems

    The Department of Homeland Security banned the Russian cybersecurity company Kaspersky Lab’s products from federal agencies in a new binding operational directive.

  • man planning layoffs

    USDA looks to cut CIOs as part of reorg

    The Department of Agriculture is looking to cut down on the number of agency CIOs in the name of efficiency and better communication across mission areas.

  • What's next for agency cyber efforts?

    Ninety days after the Trump administration's executive order, FCW sat down with agency cyber leaders to discuss what’s changing.

Reader comments

Mon, Apr 10, 2017

USPS doesn't function well under any conditions. There has been a marked decline in the last 10 years.

Sat, Apr 8, 2017 Crystal 6

The Author, nailed it. I say thus because i have a career of 32 years of service with the USPS.to the Author, hold to your core because it us righteous,laying out for all to see on paper. I personally ate up your writing as if it were home made chocolate. Yumm

Sat, Apr 8, 2017 Darin Ridgeway

Kind of funny we delivered the mail the old fashioned way for years. I'm sure I can do it again LOL!

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group