Archive

Archive for the ‘U.S. Department of Homeland Security’ Category

DHS OIG — CBP Did Not Effectively Plan and Manage Employee Housing in Ajo, Arizona

September 11, 2014 Comments off

CBP Did Not Effectively Plan and Manage Employee Housing in Ajo, Arizona (PDF)
Source: U.S. Department of Homeland Security, Office of Inspector General
From email:

Customs and Border Protection (CBP) vastly overpaid for an overly elaborate employee housing project in remote Ajo, Arizona, a new Department of Homeland Security, Office of Inspector General, report has found.

OIG Report No. OIG 14-131, “CBP Did Not Effectively Plan and Manage Employee Housing in Ajo, Arizona,” found that CBP paid an average of $680,000 each to build 21 single-family homes in Ajo, where home prices average $86,500. The units are for CBP employees stationed on and near the U.S.-Mexico border.

Specifically, the OIG found that CBP:

·Paid a premium price for land;
·Built two- and three-bedroom family-style houses rather than the recommended one -bedroom apartment-style housing; and
·Included nonessential items and amenities in the project without adequate justification.

“This is a classic example of inadequate planning and management leading to wasteful spending,” said Inspector General John Roth. “This project could have been completed at much less cost to the taxpayers.”

About these ads

DHS OIG — DHS Has Not Effectively Managed Pandemic Personal Protective Equipment and Antiviral Medical Countermeasures

September 8, 2014 Comments off

DHS Has Not Effectively Managed Pandemic Personal Protective Equipment and Antiviral Medical Countermeasures (PDF)
Source: U.S. Department of Homeland Security, Office of Inspector General
From press release (dated September 9, 2014) (PDF):

In 2006, Congress appropriated $47 million in supplemental funding to the Department of Homeland Security (DHS) to plan, train, and prepare for a potential pandemic. An OIG audit has determined DHS cannot ensure it has sufficient personal protective equipment and antiviral medical countermeasures for a pandemic response. The report, “DHS Has Not Effectively Manage Pandemic Personal Protective Equipment and Antiviral Medical Countermeasures,” OIG-14-129, determined that DHS did not develop and implement stockpile replenishment plans or inventory controls to monitor stockpiles, have adequate contract oversight processes, or ensure compliance with Department guidelines. DHS also has no assurance that the supplies on hand remain effective.

For example, our auditors found that:

  • DHS has a reported inventory of approximately 16 million surgical masks without demonstrating a need for that quantity;
  • Personal protective equipment stockpiles include expired hand sanitizer. Out of 4,982 bottles we examined, 4,184 (84 percent) were expired, some by up to 4 years;
  • 81 percent of antiviral drugs acquired by the DHS Office of Health Affairs Component will expire by the end of 2015; and
  • DHS and its components do not know where its personal protective equipment is located, how much it has, and the usability of the stockpiles that exist.

CRS — Implementation of Chemical Facility Anti-Terrorism Standards (CFATS): Issues for Congress (August 12, 2014)

August 26, 2014 Comments off

Implementation of Chemical Facility Anti-Terrorism Standards (CFATS): Issues for Congress (PDF)
Source: Congressional Research Service (via Federation of American Scientists)

The Department of Homeland Security (DHS) implements the Chemical Facility Anti-Terrorism Standards (CFATS) regulations, which regulate security at high-risk facilities possessing more than certain amounts of one or more chemicals of interest. Facilities possessing more than the specified amount must register with DHS through this program (a process known as the Top- Screen) and perform security-related activities. The DHS identifies a subset of high-risk chemical facilities from among those that register. These high-risk chemical facilities must submit a security vulnerability assessment, which DHS uses to confirm their high-risk designation, and a site security plan, which DHS then reviews and authorizes. The DHS also inspects and approves high-risk chemical facilities for adherence to their submitted site security plans. It also later inspects for compliance with these plans following DHS approval. The DHS regulates approximately 4,000 facilities under this program and is in the process of implementing the regulatory requirements for security vulnerability assessment, site security planning, and inspection.

DHS OIG — Implementation Status of the Enhanced Cybersecurity Services Program

August 20, 2014 Comments off

Implementation Status of the Enhanced Cybersecurity Services Program (PDF)
Source: U.S. Department of Homeland Security, Office of Inspector General

The National Protection Programs Directorate (NPPD) is primarily responsible for fulfilling the DHS national, nonͲlaw enforcement cybersecurity missions. Within NPPD, the Office of Cybersecurity and Communications is responsible for the implementation of the Enhanced Cybersecurity Services program. Our overall objective was to determine the effectiveness of the Enhanced Cybersecurity Services program to disseminate cyber threat and technical information with the critical infrastructure sectors through commercial service providers.

NPPD has made progress in expanding the Enhanced Cybersecurity Services program. For example, as of May 2014, 40 critical infrastructure entities participate in the program. Additionally, 22 companies have signed memorandums of agreement to join the program. Further, NPPD has established the procedures and guidance required to carry out key tasks and operational aspects of the program, including an inͲdepth security validation and accreditation process. NPPD has also addressed the privacy risk associated with the program by developing a Privacy Impact Assessment. Finally, NPPD has engaged sector-specific agencies and government furnished information providers to expand the program, and has developed program reporting and metric capabilities to monitor the program.

Although NPPD has made progress, the Enhanced Cybersecurity Services program has been slow to expand because of limited outreach and resources. In addition, cyber threat information sharing relies on NPPD’s manual reviews and analysis, which has led to inconsistent cyber threat indicator quality.

CRS Insights — 2014 Quadrennial Homeland Security Review: Evolution of Strategic Review (August 6, 2014)

August 13, 2014 Comments off

2014 Quadrennial Homeland Security Review: Evolution of Strategic Review (PDF)
Source: Congressional Research Service (via Federation of American Scientists)

In June 2014, The Department of Homeland Security (DHS) reported the second iteration of the Quadrennial Homeland Security Review (QHSR) to Congress. The QHSR is a “comprehensive examination of the homeland security strategy of the Nation, including recommendations regarding the longterm strategy and priorities of the Nation for homeland security.”

The quadrennial homeland security review is a process in which DHS examines the nation’s homeland security strategy; the report provides an explanation of this process. Neither the review process nor the report to Congress is a strategy, instead the 2014 QHSR (both the process and report) are part of the constant reevaluation of the nation’s homeland security and part of the process by which the combined National and Homeland Security Staff develops the next iteration of the national security strategy. In 2010, the Obama Administration combined the national and homeland security strategies with its 2010 issuance of the National Security Strategy.

Originally Congress, in Section 904 of the Homeland Security Act of 2002 (HSA), tasked the National Homeland Security Council and staff to assess homeland security objectives, commitments, and risks. Additionally, the council was to oversee and review homeland security policies.

DHS OIG — Domestic Nuclear Detection Office Has Taken Steps To Address Insider Threat, but Challenges Remain

August 1, 2014 Comments off

Domestic Nuclear Detection Office Has Taken Steps To Address Insider Threat, but Challenges Remain
Source: U.S. Department of Homeland Security, Office of Inspector General

We reviewed the efforts of the Domestic Nuclear Detection Office (DNDO) to address the risk posed by trusted insiders. Our objective was to assess DNDO’s progress toward protecting its information technology assets from threats posed by its employees, especially those with trusted or elevated access to sensitive, but unclassified information systems or data.

Steps are underway to address and mitigate the insider risk at DNDO. Specifically, the Department of Homeland Security (DHS) Acting Under Secretary of Intelligence and Analysis established an Insider Threat Task Force to develop a program to address the risk of insider threats for DHS, including DNDO. In addition, the DHS Office of Intelligence and Analysis has detailed a counterintelligence officer to DNDO to help mitigate espionage‐related insider risks. The DHS Office of Intelligence and Analysis routinely briefs DNDO on counterintelligence awareness, including insider threat indicators. In addition, DNDO provides security awareness training to its employees and contractors regarding security‐related topics that could help prevent or detect the insider risk. In September 2013, the DHS Office of the Chief Security Officer began a comprehensive vulnerability assessment of DNDO assets, which includes identifying insider risks and vulnerabilities. The DHS Security Operations Center monitors DNDO information systems and networks to respond to potential insider based incidents. Finally, the DHS Special Security Programs Division handles and investigates security incidents, including those types attributed to malicious insiders.

Additional steps to address the insider risk at DNDO are required. Specifically, DNDO needs to implement insider threat procedures, upon receipt of policy issued by the DHS Office of the Chief Information Officer (OCIO) that defines roles and responsibilities for addressing insider risks to unclassified networks and systems. DNDO also needs to provide documentation that clearly shows the effectiveness of controls or processes in place to detect and respond to unauthorized data exfiltration from DNDO unclassified information technology assets via email services provided by the DHS OCIO.

DNDO can strengthen processes and controls for its own technology infrastructure. They can disable portable media ports on controlled information technology assets where there is no legitimate business need. DNDO can apply critical security patches to these assets and perform periodic security assessments of controlled sites to identify any indication of unauthorized wireless devices or connections to DHS networks.

DHS OIG — Oversight of Unaccompanied Alien Children

July 31, 2014 Comments off

Oversight of Unaccompanied Alien Children (PDF)
Source: U.S. Department of Homeland Security, Office of Inspector General
From press release (PDF):

The Office of Inspector General (OIG), Department of Homeland Security (DHS), today issued the first of a series of reports on conditions at detention centers being used to temporarily house unaccompanied alien children.

The report is based on 87 unannounced site visits conducted by OIG agents from July 1-16 at 63 detention centers in Texas, Arizona and California, largely operated by Customs and Border Protection. The OIG’s oversight of the detention centers is ongoing and reports will be issued monthly.

The OIG’s findings are contained in a memorandum from Inspector General John Roth to Homeland Security Secretary Jeh C. Johnson.

OIG Agents checked the sites for sanitation, availability of medical care, food services and other factors. Sites and their staff were found to be largely in compliance with rules and regulations. Some problems were identified, including children requiring treatment for communicable diseases and DHS employees who have become ill from contact with their charges.

Follow

Get every new post delivered to your Inbox.

Join 914 other followers