DHS IG targets security, procurement

The Homeland Security Department’s information technology security, program management and procurement practices will be among the prime targets of the department’s inspector general during fiscal 2007, according to the IG’s recently published annual performance plan.The plan lays out the Office of the IG’s road map for the inspections and audits it expects to conduct during the year to evaluate the progress of DHS programs and operations, particularly in relation to the major management challenges they face.Security is an obvious concern, especially when it comes to mobile devices. The OIG is planning at least four audits of laptop security in its own workplace and in Customs and Border Protection, the Science and Technology Directorate, and the Federal Emergency Management Agency.It also expects to conduct a departmentwide audit of physical and logical access controls for devices such as personal digital assistants and cell phones. Phones in particular are becoming multifunctional devices, the OIG said, with next-generation models already on the market incorporating PDA, infrared, wireless Internet, e-mail and global positioning capabilities.“However, each new development will present its own security risks,” the OIG said. “Vulnerabilities may exist when using PDAs attached to personal computers or other network-connected devices.”Other security concerns the OIG expects to tackle involve the protection of personal information and the overall compliance of DHS’ component agencies with a departmentwide security program.One specific goal is an audit of the management oversight of DHS data-mining activities. In a report it published in June, the OIG identified a dozen systems that DHS employees use for that purpose.The office is also planning closer oversight of the management and acquisition practices of major technology programs.A critical component of the Secure Border Initiative, for example, is SBInet, which replaces two former programs, the Integrated Surveillance Intelligence System and the America’s Shield initiative.The OIG will conduct a review of how SBInet program managers use lessons learned from other programs to minimize risks, and, as congressionally mandated, will also conduct an audit of each contract or task order valued at more than $20 million.Other technology programs the OIG expects to examine during the year include those at the Transportation Security Administration, the U.S. Citizenship and Immigration Services’ IT modernization, and the Coast Guard’s enterprise architecture implementation.Overall, the OIG identified 17 areas as posing the most serious management challenges for DHS in fiscal 2007. Answering fundamental questions within each area will help determine how the department is performing, the OIG said, and will help highlight ways to improve programs and operations.