The Department of Homeland Security needs additional IT workers to help it assist state and local election officials, as well as patch its internal systems, the agency's IG said in a semi-annual report to Congress.
The Department of Homeland Security could use a few more hands to help it tackle cybersecurity issues ranging from election security efforts to simple security procedures for its internal networks, the agency's inspector general told Congress in a new report.
"Additional staff could enhance DHS' ability to provide technical assistance and outreach to state and local election officials during elections" moving forward, the DHS Office of Inspector General said in its semiannual congressional report released on May 31 that summed up its oversight activities between October 2018 and March 2019.
The report also noted DHS also still needs to improve its patch management process and take action to protect the personal data of disaster survivors.
The OIG cited a February report that said the agency's efforts to help state and local governments secure their election infrastructure with mitigation and threat detection services had been hindered by shifting agency leadership, administrative staff shortages and a lack of metrics. DHS responded that its new Cybersecurity and Infrastructure Security Agency was working to remedy those gaps, including prioritizing hiring operational and administrative staff, as well as increasing its outreach to state and local governments.
There was good news and bad news for the agency on its Federal Information Security Modernization Act efforts to secure sensitive data. The OIG said although DHS had been effective in protecting its most secret systems in 2018, reaching "Level 4 – Managed and Measurable" in three of five cybersecurity functions, it still had basic issues with timely patch management.
DHS also told the IG it was working to close data security gaps in its Transitional Sheltering Program for disaster survivors' short-term housing needs. In March, the OIG reported that DHS had improperly released sensitive personal data on 2.3 million survivors of hurricanes Harvey, Irma, and Maria and the California wildfires.
The report said the Federal Emergency Management Agency had sent program participants' names, birthdates, partial Social Security numbers, as well as more sensitive data such as home addresses and bank account data to its housing contractors so they could check program eligibility.
FEMA, said the report, deployed a team to contractors' facilities to document and "sanitize" the data of unnecessary elements.
NEXT STORY: Why attribution is a means to an end