DHS ranks high on GAO's high-risk list

The Homeland Security Department is tied for second among federal departments for having the most high-risk management challenges on the Government Accountability Office’s biennial high-risk list released Jan. 22.

The Defense Department is first, with eight high-risk areas, and DHS and the Health and Human Services Department are tied for second, each with four high-risk areas.

GAO’s list identifies 30 federal programs and management areas at high risk of waste and abuse, up from 27 listed in 2007, including several risks that affect multiple departments.

DHS is challenged by transformation and integration of the department from 22 agencies; protection of the nation’s critical infrastructures, implementation of information sharing to protect against terrorism, and management of the national flood insurance system, the GAO said.

Transformation and integration of DHS into a fully-functioning department has been on the high-risk list since the department started operations in 2003. “DHS has generally made more progress in implementing its mission activities than its management functions, reflecting an initial focus on efforts to secure the homeland,” GAO wrote.

Although the mission implementations still are a work in progress, management focus also needs to be on integrating financial management systems, deploying acquisition policies and developing its acquisition workforce, having more disciplined program management and information security controls for information technology systems and implementing a market-based and more performance-oriented pay system, GAO said.

The item of longest standing on DHS’ list is protection of the nation’s critical infrastructures and information systems, which first appeared on GAO’s high-risk list 12 years ago.

DHS continues to make progress in both areas, but also exhibits deficiencies, including some in cyber analysis and warning capabilities, developing sector-specific plans that fully address all cyber-related criteria, improving the cybersecurity of infrastructure control systems and strengthening the ability to help recover from Internet disruptions, the report stated.

“Until these and other key cyber security areas are effectively addressed, the nation’s cyber critical infrastructure is at risk of increasing threats posed by terrorists, nation-states, and others,” the report stated.

Responsibility for information-sharing falls both in DHS and in the Office of the Director of National Intelligence. Although progress has been made, this challenge has been on the high-risk list since 2005.

Shortcomings by DHS include a lack of fully defined requirements for the next-generation Homeland Security Information Network and also challenges in operating regional intelligence fusion centers. The centers struggle with information overload; analyst recruitment, training, and retention issues; and long-term sustainability, GAO said.