Infrastructure

OIG: USPS not prepared for IT blackout

United States Postal Service logo. 

The U.S. Postal Service may be ill-prepared to fulfill essential operations in the event of an IT outage, according to a recent inspector general report.

The Post Office is required to have continuity of operations plans in place to prepare for a range of possible disruptions to normal postal operations, whether they're due to tech failures, cyber attacks or natural causes, such as rain, sleet, snow or gloom of night. 

But the IG found that USPS's IT management lacks complete continuity of operations plans, and USPS does not annually train personnel responsible for executing them.

To complement those emergency plans, IT management developed what it calls functional working group annex plans that address "essential information technology operations."

However, in a report dated March 29 and released publicly April 6, the IG found IT management's plans to be lacking.

Auditors found that USPS IT management did not annually review, update and test the plans. At least one of the plan sets had not been updated in years. The IG redacted the number of plans and when the most recent update took place from the report. (FCW has filed a FOIA request for an unredacted copy of the report.)

The watchdog also found that all of the plans reviewed had former employees listed as points of contact. 

The plans were also missing key requirements, such as identifying critical information system assets, alternative telecommunications services and procedures for using alternative processing centers that do not face the same threats as the initial site.

Additionally, auditors reported that USPS IT management did not provide annual training for personnel responsible for carrying out the plans. They warn that untrained staff "may not have the skills required to support essential functions" during a disruption of normal operations.

The IG noted that, during the audit, USPS took corrective action and began training its personnel to handle continuity of operations plans.

"These issues occurred because Postal Service Management did not have a policy that defined requirements for managing" the functional working group annex plans, the report stated.

Auditors also noted that the USPS information security handbook "references a non-existent management instruction policy … that was never finalized or published."   

The IG recommended USPS management to develop a policy for managing IT continuity of operations plans that includes annual reviews, updates and testing, based on federal directives and best practices, and to require annual training for all personnel responsible for carrying out the plan's responsibilities.

USPS management generally agreed with the two findings. Management also told the IG that it has begun to take corrective action and will complete each recommendation by Sept. 30.

About the Author

Chase Gunter is a former FCW staff writer.

Featured

  • Defense
    The U.S. Army Corps of Engineers and the National Geospatial-Intelligence Agency (NGA) reveal concept renderings for the Next NGA West (N2W) campus from the design-build team McCarthy HITT winning proposal. The entirety of the campus is anticipated to be operational in 2025.

    How NGA is tackling interoperability challenges

    Mark Munsell, the National Geospatial-Intelligence Agency’s CTO, talks about talent shortages and how the agency is working to get more unclassified data.

  • Veterans Affairs
    Veterans Affairs CIO Jim Gfrerer speaks at an Oct. 10 FCW event (Photo credit: Troy K. Schneider)

    VA's pivot to agile

    With 10 months on the job, Veterans Affairs CIO Jim Gfrerer is pushing his organization toward a culture of constant delivery.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.