A new government study specifically commended the Department of Homeland Security for handling the information of the American people and yet found “opportunities” in which several of its organizations pursue security measures.
Analyzing data from the six main components of DHS, a Report of Government Accountability Office (GAO). released this month found that some IT machines operated by third-party contractors are “at risk of misuse and inadequate security” due to a number of security measures that they say have not been followed at DHS headquarters and in other cases such as the US Coast Guard, a private one. in this department. military branch.
“While contractors who use systems and provide services to federal agencies can provide significant benefits,” GAO said, “they could also pose risks to organizational information and systems, such as unauthorized access, use, disclosure, and modification of data. federal. ”
The report, commissioned by Sen. Maggie Hassan, chair of the Subcommittee on Emerging Threats and Spending Oversight, found that DHS agencies such as the Federal Emergency Management Agency (FEMA) and Immigration and Customs Enforcement (ICE) were closely following the mitigation measures. the risk of known information being collected by its contractors. (Specific information, or “PII,” may include a person’s name, date of birth, Social Security number, and health, financial, or employment status.)
However, GAO found that the DHS headquarters, which provided $ 7.6 billion in IT funding last year, failed to provide confidential training to its contractors, and that the Coast Guard did not have the credentials to identify and deal with gaps on its own. security; failure which GAO claims puts the contractor’s machine “at increased risk of unauthorized access.”
G / O Media can find a job
In addition, the congressman said he did not believe that the Coast Guard or the Transportation Security Administration (TSA) – the DHS component, which is heavily involved in air traffic control – had the necessary procedures to monitor when sharing personal information with new contractors. for the first time; Strategies that are described as important in reducing the harassment of contractors who use a lot of human resources.
The GAO provided a total of seven guidelines, which DHS fully approved; however, DHS also questioned that the three assumptions already considered are working. He did not provide the documents, GAO said, which would support such an idea.
DHS did not respond to a request for comment. Prophet Sen. Hassan did not arrive immediately.
“As long as DHS pursues to ensure that all components carry out its privacy and repair procedures, PII is at risk of misuse and inadequate security,” said GAO, noting that DHS, among other agencies, said can have profound implications for function, property, and people. ”
Data provided by DHS also showed a 26% increase in so-called “secret events” between 2015 and 2019, with an increase of 140 “events” in the last year. DHS and other agencies consider “secret events”In particular any incident involving a lack of self-control, persuasion, illicit disclosure, [or] unauthorized access ”of personal information.
Inspector general research in recent years has found a failure in the DHS to adhere to basic cyber security principles. A 2019 audit, for example, gave its security program a very low grade; “Fit grade F,” he said Senate reports, published in August. Twenty-six “high-risk threats” were detected in three DHS units, the report said, which puts risk-takers on complex machines that contain highly sensitive data.
Source link
