Rep. Bennie Thompson | To protect the U.S., DHS needs secure systems

 

Connecting state and local government leaders

In the late 1960s, the Stanford Research Institute, the University of California at Los Angeles and the Department of Defense worked together to create a network designed to assist the military with its communications during wartime.

In the late 1960s, the Stanford Research Institute, the University of California at Los Angeles and the Department of Defense worked together to create a network designed to assist the military with its communications during wartime. Their efforts led to ARPANET, which eventually spawned the Internet and the networked systems that today run much of our society.Our electrical grid, telecommunications networks, financial sector, and emergency and national defense services all depend on computer networks'networks that are interconnected and reliant on one another. A weak link anywhere within a network, whether on a home PC or government system, can allow terrorists and other criminals to attack our economic and national security.In response to this threat, Congress enacted a number of laws to assist federal agencies in designing, developing and implementing information security programs. One of those laws, the Federal Information Security Management Act of 2002, plays a critical role in assuring that agencies are doing all they can to protect their part of the networked community.Unfortunately, the Homeland Security Department has failed to make the grade with regard to FISMA and securing its networks. In its annual Federal Computer Security Report Card issued last December, the House Government Reform Committee gave the Department an 'F' for its efforts on information security. This is the second year in a row that the department received a failing grade on the report card, which is based on federal agencies' annual IT security reviews required by FISMA.In June, the Government Accountability Office issued a report examining how well the department is progressing with its information security efforts. Its findings were consistent with what the Government Reform Committee found. The GAO report stated that the department 'has not fully implemented a comprehensive, departmentwide information security program to protect the information and information systems that support its operations and assets.'The fact that the federal agency tasked with protecting our nation from all types of attacks cannot even protect its own systems is troubling.It is even more problematic that many of the components and programs cited by GAO for the worst information security efforts are those tasked with critical homeland security responsibilities. They include the Immigration and Customs Enforcement agency, the Transportation Security Administration, the U.S. Visitor and Immigrant Status Indicator Technology program, and the Emergency Preparedness and Response Directorate.ICE and U.S. Visit are critical elements of our nation's border security. ICE is the investigative arm of the department that must secure the nation's borders and investigate immigration and customs violations. U.S. Visit is a congressionally mandated program designed to track the entry and exit of visitors to our nation using biometrics and personally identifiable information.TSA is responsible for securing our aviation, rail and public transit sectors. EPR is responsible for assisting our nation's first responders'police, firefighters, and emergency medical personnel'with their efforts to protect our local communities.Information security gaps at these DHS entities and programs pose several dangers. First, it is possible that sensitive information, including biometrics and personal information collected and stored about millions of people, could be accessed and compromised by wrongdoers.The recent spate of data breaches at commercial databases should serve as a wake-up call to the department that protecting information is critical to combating identity theft. Recently, the Democratic staff of the House Homeland Security Committee prepared a report showing how terrorists could use identity theft to help carry out their attacks.Entities like ICE and EPR may have information in their systems that relates to sensitive investigations or specific efforts by state and local communities to secure the homeland. If those systems aren't secure, terrorists could access information compromising the safety of law enforcement officials working for the department, as well as that of our local first responders. This is simply unacceptable.GAO's finding that several of these entities have not completed risk assessments or are operating with outdated assessments should be a concern. It is impossible to determine where the department's weak links are if components have not even been identified and assessed for information security risks. It is also difficult for Congress to assist the DHS with its information security efforts if we do not know where to authorize and appropriate funds.The department must take several steps to improve its IT security.The first is ensuring that the CIO has the authority to direct the various components and their individual CIOs to comply with FISMA and departmental policy.Currently, the department's CIO lacks that authority. Each individual agency's CIO operates its own systems and networks. Building in redundancy and interoperability, along with simple departmentwide management, is not possible if the top CIO cannot direct the troops.Second, the CIO, with the secretary's support, must require the component agencies to implement information security practices. The key is developing complete and up-to-date risk assessments.I know from talking to secretary Michael Chertoff and other department leaders that they want DHS to take a risk-based approach to securing our nation. The department should set an example by first undertaking such an approach in its own house.Securing our nation's computer networks and systems is not an easy task. Threats and vulnerabilities, unfortunately, abound. That said, the agency tasked with keeping us safe from terrorists should not itself pose one of the most transparent security risks. n

The agency tasked with keeping us safe against terrorists should not itself pose one of the most transparent security risks.

Rep. Thompson (D-Miss.) is the ranking minority member of the House Homeland Security Committee. He has consistently focused attention on technology issues at the department, partly by sponsoring investigations of DHS systems issues. Rep. Thompson and other committee members, notably former chairman Christopher Cox (R-Calif.), have worked in a bipartisan fashion to improve the department's IT performance, like their counterparts on the Senate Homeland Security and Governmental Affairs Committee.






































NEXT STORY: United front

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.