IG: DHS should get new infrastructure data system

Homeland Security Department officials should make a priority of getting a new data system to keep track of the country’s critical infrastructure up and running, the department’s inspector general has said.

In a recent report, the IG said minimal progress has been made to finalize the department’s replacement for the National Asset Database (NADB). It was a static database that had data on the country's critical infrastructure that it stopped using in 2006. The replacement system, the Infrastructure Information Collection System (IICS), is still in development. Meanwhile, the IG cited delays in acquiring a component of that system, the Infrastructure Data Warehouse (IDW), that would replace the NADB.

The IG said delays in acquiring the IDW mean that data gathered through the department’s primary effort to identify critical infrastructure isn't part of a national database, as required by law. The IDW would allow DHS’ partners involved with critical infrastructure protection to access various tools with data that the static NADB didn’t have, the report states. It was made public July 20.

DHS is responsible for leading the national effort to identify and protect critical infrastructure. An anti-terrorism law passed in 2007 mandated that DHS maintain and use a database to catalog the nation’s critical infrastructure and the IG review those efforts.

The department currently maintains two lists that identify the country’s most critical assets. One list includes infrastructure that, if disrupted, would have the highest consequences and second list includes data on assets whose disruption would have nationally significant consequences, the report states. The IG said the lists are used to guide DHS grant allocation decisions and other risk-management activities.

The report states DHS' process for creating lists has been enhanced over previous years. In addition, the IG said DHS’ Office of Infrastructure Protection “has shown commendable interest in ongoing improvement to the list process.”

The IG also said that major changes weren’t needed for DHS’ model for working with different sectors that maintain critical infrastructure and the report said “we are pleased that infrastructure sectors have seen a growing DHS commitment.”

However, DHS has identified gaps in current critical infrastructure risk management that the IDW is expected to diminish or eliminate, the IG said. The IG recommended that the chief information officer of DHS’ National Protection and Programs Directorate (NPPD) make the IICS acquisition process a priority and said the DHS’ Management Directorate would help those efforts.

“The IDW has the potential to enhance critical infrastructure protection, one of the department’s strategic goals,” the IG said. “Improved interaction between NPPD and the Directorate of Management is necessary to ensure that the IDW is procured in a way that meets departmental goals and satisfies the statutory requirement to catalog critical infrastructure.”

In response, DHS concurred with the recommendation and said it would said continue to acquire IICS that it said it considered an improved approach for collecting and maintaining reliable information on infrastructure.