WASHINGTON – Homeland Security and Governmental Affairs Committee Ranking Member Joe Lieberman, D-Conn., said Monday the Department of Homeland Security is failing to meet its responsibilities to keep its own computer infrastructure secure. A new study by the Government Accountability Office, requested by Senator Lieberman, found that the Department has not fully implemented practices and controls to protect its information systems nor the information contained within them.
“How can the Department possibly protect the nation’s critical cyber-structure if it cannot keep its own house in order?” Lieberman said. “More than two years after the Department was formed, it should have a better grasp on protecting its own systems and information. I encourage it to follow the GAO’s recommendations to improve its cyber security expeditiously.” In May, the GAO issued a separate report critical of the Department’s ability to protect the nation’s computer infrastructure, citing underlying management problems. The DHS Inspector General has also publicly chided the Department for failing to install back-up systems should the Department’s computer functions fail. In its most recent report, the GAO said the Department had not completed: · risk assessments of its systems · information system security plans · testing and evaluation of its security controls · remedial action plans · plans for continuity of computer operations should a breach occur · a systems inventory “Until DHS addresses these weaknesses and fully implements a comprehensive, department-wide information security program, its ability to protect the confidentiality, integrity and availability of its information and information systems will be limited,” the GAO report said. GAO is recommending that DHS fully implement key information security practices and controls, and establish milestones for developing a comprehensive information systems inventory. The May GAO report, also requested by Lieberman, found that DHS has not fully addressed any of its 13 chief tasks for protecting the nation’s cyber infrastructure. For example, it had yet to develop a national threat assessment, a contingency plan in case of attack, and a plan to recover key internet functions, should they be disabled. Furthermore, the Department “continues to have difficulties” establishing working partnerships with other local, state, and federal agencies and with the private sector. For more information on the May GAO report, please click here: http://www.hsgac.senate.gov/index.cfm?FuseAction=PressReleases.Detail&Affiliation=R&PressRelease_id=1001&Month=5&Year=2005 The new report is available at: http://www.gao.gov/new.items/d05700.pdf -30-