Infrastructure

OIG: USPS not prepared for IT blackout

United States Postal Service logo. 

The U.S. Postal Service may be ill-prepared to fulfill essential operations in the event of an IT outage, according to a recent inspector general report.

The Post Office is required to have continuity of operations plans in place to prepare for a range of possible disruptions to normal postal operations, whether they're due to tech failures, cyber attacks or natural causes, such as rain, sleet, snow or gloom of night. 

But the IG found that USPS's IT management lacks complete continuity of operations plans, and USPS does not annually train personnel responsible for executing them.

To complement those emergency plans, IT management developed what it calls functional working group annex plans that address "essential information technology operations."

However, in a report dated March 29 and released publicly April 6, the IG found IT management's plans to be lacking.

Auditors found that USPS IT management did not annually review, update and test the plans. At least one of the plan sets had not been updated in years. The IG redacted the number of plans and when the most recent update took place from the report. (FCW has filed a FOIA request for an unredacted copy of the report.)

The watchdog also found that all of the plans reviewed had former employees listed as points of contact. 

The plans were also missing key requirements, such as identifying critical information system assets, alternative telecommunications services and procedures for using alternative processing centers that do not face the same threats as the initial site.

Additionally, auditors reported that USPS IT management did not provide annual training for personnel responsible for carrying out the plans. They warn that untrained staff "may not have the skills required to support essential functions" during a disruption of normal operations.

The IG noted that, during the audit, USPS took corrective action and began training its personnel to handle continuity of operations plans.

"These issues occurred because Postal Service Management did not have a policy that defined requirements for managing" the functional working group annex plans, the report stated.

Auditors also noted that the USPS information security handbook "references a non-existent management instruction policy … that was never finalized or published."   

The IG recommended USPS management to develop a policy for managing IT continuity of operations plans that includes annual reviews, updates and testing, based on federal directives and best practices, and to require annual training for all personnel responsible for carrying out the plan's responsibilities.

USPS management generally agreed with the two findings. Management also told the IG that it has begun to take corrective action and will complete each recommendation by Sept. 30.

About the Author

Chase Gunter is a staff writer covering civilian agencies, workforce issues, health IT, open data and innovation.

Prior to joining FCW, Gunter reported for the C-Ville Weekly in Charlottesville, Va., and served as a college sports beat writer for the South Boston (Va.) News and Record. He started at FCW as an editorial fellow before joining the team full-time as a reporter.

Gunter is a graduate of the University of Virginia, where his emphases were English, history and media studies.

Click here for previous articles by Gunter, or connect with him on Twitter: @WChaseGunter

The Fed 100

Read the profiles of all this year's winners.

Featured

Reader comments

Mon, Apr 10, 2017

USPS doesn't function well under any conditions. There has been a marked decline in the last 10 years.

Sat, Apr 8, 2017 Crystal 6

The Author, nailed it. I say thus because i have a career of 32 years of service with the USPS.to the Author, hold to your core because it us righteous,laying out for all to see on paper. I personally ate up your writing as if it were home made chocolate. Yumm

Sat, Apr 8, 2017 Darin Ridgeway

Kind of funny we delivered the mail the old fashioned way for years. I'm sure I can do it again LOL!

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group