IG: DHS needs more election tech help, IT patching
- By Mark Rockwell
- May 31, 2019
The Department of Homeland Security could use a few more hands to help it tackle cybersecurity issues ranging from election security efforts to simple security procedures for its internal networks, the agency's inspector general told Congress in a new report.
"Additional staff could enhance DHS' ability to provide technical assistance and outreach to state and local election officials during elections" moving forward, the DHS Office of Inspector General said in its semiannual congressional report released on May 31 that summed up its oversight activities between October 2018 and March 2019.
The report also noted DHS also still needs to improve its patch management process and take action to protect the personal data of disaster survivors.
The OIG cited a February report that said the agency's efforts to help state and local governments secure their election infrastructure with mitigation and threat detection services had been hindered by shifting agency leadership, administrative staff shortages and a lack of metrics. DHS responded that its new Cybersecurity and Infrastructure Security Agency was working to remedy those gaps, including prioritizing hiring operational and administrative staff, as well as increasing its outreach to state and local governments.
There was good news and bad news for the agency on its Federal Information Security Modernization Act efforts to secure sensitive data. The OIG said although DHS had been effective in protecting its most secret systems in 2018, reaching "Level 4 – Managed and Measurable" in three of five cybersecurity functions, it still had basic issues with timely patch management.
DHS also told the IG it was working to close data security gaps in its Transitional Sheltering Program for disaster survivors' short-term housing needs. In March, the OIG reported that DHS had improperly released sensitive personal data on 2.3 million survivors of hurricanes Harvey, Irma, and Maria and the California wildfires.
The report said the Federal Emergency Management Agency had sent program participants' names, birthdates, partial Social Security numbers, as well as more sensitive data such as home addresses and bank account data to its housing contractors so they could check program eligibility.
FEMA, said the report, deployed a team to contractors' facilities to document and "sanitize" the data of unnecessary elements.
Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.
Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, tele.com magazine and Wireless Week.
Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.
Click here for previous articles by Rockwell.
Contact him at [email protected] or follow him on Twitter at @MRockwell4.