Archive

Archive for the ‘U.S. Department of Homeland Security’ Category

DHS OIG — Implementation Status of the Enhanced Cybersecurity Services Program

August 20, 2014 Comments off

Implementation Status of the Enhanced Cybersecurity Services Program (PDF)
Source: U.S. Department of Homeland Security, Office of Inspector General

The National Protection Programs Directorate (NPPD) is primarily responsible for fulfilling the DHS national, nonͲlaw enforcement cybersecurity missions. Within NPPD, the Office of Cybersecurity and Communications is responsible for the implementation of the Enhanced Cybersecurity Services program. Our overall objective was to determine the effectiveness of the Enhanced Cybersecurity Services program to disseminate cyber threat and technical information with the critical infrastructure sectors through commercial service providers.

NPPD has made progress in expanding the Enhanced Cybersecurity Services program. For example, as of May 2014, 40 critical infrastructure entities participate in the program. Additionally, 22 companies have signed memorandums of agreement to join the program. Further, NPPD has established the procedures and guidance required to carry out key tasks and operational aspects of the program, including an inͲdepth security validation and accreditation process. NPPD has also addressed the privacy risk associated with the program by developing a Privacy Impact Assessment. Finally, NPPD has engaged sector-specific agencies and government furnished information providers to expand the program, and has developed program reporting and metric capabilities to monitor the program.

Although NPPD has made progress, the Enhanced Cybersecurity Services program has been slow to expand because of limited outreach and resources. In addition, cyber threat information sharing relies on NPPD’s manual reviews and analysis, which has led to inconsistent cyber threat indicator quality.

About these ads

CRS Insights — 2014 Quadrennial Homeland Security Review: Evolution of Strategic Review (August 6, 2014)

August 13, 2014 Comments off

2014 Quadrennial Homeland Security Review: Evolution of Strategic Review (PDF)
Source: Congressional Research Service (via Federation of American Scientists)

In June 2014, The Department of Homeland Security (DHS) reported the second iteration of the Quadrennial Homeland Security Review (QHSR) to Congress. The QHSR is a “comprehensive examination of the homeland security strategy of the Nation, including recommendations regarding the longterm strategy and priorities of the Nation for homeland security.”

The quadrennial homeland security review is a process in which DHS examines the nation’s homeland security strategy; the report provides an explanation of this process. Neither the review process nor the report to Congress is a strategy, instead the 2014 QHSR (both the process and report) are part of the constant reevaluation of the nation’s homeland security and part of the process by which the combined National and Homeland Security Staff develops the next iteration of the national security strategy. In 2010, the Obama Administration combined the national and homeland security strategies with its 2010 issuance of the National Security Strategy.

Originally Congress, in Section 904 of the Homeland Security Act of 2002 (HSA), tasked the National Homeland Security Council and staff to assess homeland security objectives, commitments, and risks. Additionally, the council was to oversee and review homeland security policies.

DHS OIG — Domestic Nuclear Detection Office Has Taken Steps To Address Insider Threat, but Challenges Remain

August 1, 2014 Comments off

Domestic Nuclear Detection Office Has Taken Steps To Address Insider Threat, but Challenges Remain
Source: U.S. Department of Homeland Security, Office of Inspector General

We reviewed the efforts of the Domestic Nuclear Detection Office (DNDO) to address the risk posed by trusted insiders. Our objective was to assess DNDO’s progress toward protecting its information technology assets from threats posed by its employees, especially those with trusted or elevated access to sensitive, but unclassified information systems or data.

Steps are underway to address and mitigate the insider risk at DNDO. Specifically, the Department of Homeland Security (DHS) Acting Under Secretary of Intelligence and Analysis established an Insider Threat Task Force to develop a program to address the risk of insider threats for DHS, including DNDO. In addition, the DHS Office of Intelligence and Analysis has detailed a counterintelligence officer to DNDO to help mitigate espionage‐related insider risks. The DHS Office of Intelligence and Analysis routinely briefs DNDO on counterintelligence awareness, including insider threat indicators. In addition, DNDO provides security awareness training to its employees and contractors regarding security‐related topics that could help prevent or detect the insider risk. In September 2013, the DHS Office of the Chief Security Officer began a comprehensive vulnerability assessment of DNDO assets, which includes identifying insider risks and vulnerabilities. The DHS Security Operations Center monitors DNDO information systems and networks to respond to potential insider based incidents. Finally, the DHS Special Security Programs Division handles and investigates security incidents, including those types attributed to malicious insiders.

Additional steps to address the insider risk at DNDO are required. Specifically, DNDO needs to implement insider threat procedures, upon receipt of policy issued by the DHS Office of the Chief Information Officer (OCIO) that defines roles and responsibilities for addressing insider risks to unclassified networks and systems. DNDO also needs to provide documentation that clearly shows the effectiveness of controls or processes in place to detect and respond to unauthorized data exfiltration from DNDO unclassified information technology assets via email services provided by the DHS OCIO.

DNDO can strengthen processes and controls for its own technology infrastructure. They can disable portable media ports on controlled information technology assets where there is no legitimate business need. DNDO can apply critical security patches to these assets and perform periodic security assessments of controlled sites to identify any indication of unauthorized wireless devices or connections to DHS networks.

DHS OIG — Oversight of Unaccompanied Alien Children

July 31, 2014 Comments off

Oversight of Unaccompanied Alien Children (PDF)
Source: U.S. Department of Homeland Security, Office of Inspector General
From press release (PDF):

The Office of Inspector General (OIG), Department of Homeland Security (DHS), today issued the first of a series of reports on conditions at detention centers being used to temporarily house unaccompanied alien children.

The report is based on 87 unannounced site visits conducted by OIG agents from July 1-16 at 63 detention centers in Texas, Arizona and California, largely operated by Customs and Border Protection. The OIG’s oversight of the detention centers is ongoing and reports will be issued monthly.

The OIG’s findings are contained in a memorandum from Inspector General John Roth to Homeland Security Secretary Jeh C. Johnson.

OIG Agents checked the sites for sanitation, availability of medical care, food services and other factors. Sites and their staff were found to be largely in compliance with rules and regulations. Some problems were identified, including children requiring treatment for communicable diseases and DHS employees who have become ill from contact with their charges.

Fire/EMS Department Operational Considerations and Guide for Active Shooter and Mass Casualty Incidents

July 23, 2014 Comments off

Fire/EMS Department Operational Considerations and Guide for Active Shooter and Mass Casualty Incidents (PDF)
Source: U.S. Fire Administration

This guide is a fire and emergency medical services (EMS) resource that can be used to support planning and preparation for active shooter and mass casualty incidents. These complex and demanding incidents may be well beyond the traditional training and experience of the majority of firefighters and emergency medical technicians. The U.S. Fire Administration offers this guide as one source of many available for the public safety community, but it takes into consideration the diverse local service levels available across America. In developing the guide, we consulted with individuals and groups engaged in fire and pre-hospital emergency medical services, law enforcement, and hospital medical and trauma care. We also consulted with public safety organizations and numerous federal agencies.

U.S. Naturalizations: 2013

July 10, 2014 Comments off

U.S. Naturalizations: 2013
Source: U.S. Department of Homeland Security

Naturalization is the process by which U.S. citizenship is conferred upon foreign citizens or nationals after fulfilling the requirements established by Congress in the Immigration and Nationality Act (INA). After naturalization, foreign-born citizens enjoy nearly all the same benefits, rights and responsibilities that the Constitution gives to native-born U.S. citizens, including the right to vote. This Office of Immigration Statistics Annual Flow Report presents information on the number and characteristics of foreign nationals aged 18 years and over who were naturalized during FY 2013.

CRS — The DHS S&T Directorate: Selected Issues for Congress

June 30, 2014 Comments off

The DHS S&T Directorate: Selected Issues for Congress (PDF)
Source: Congressional Research Service (via University of North Texas Digital Library)

Policy makers generally believe that science and technology can and will play significant roles in improving homeland security. When Congress established the Department of Homeland Security (DHS), through the Homeland Security Act of 2002 (P.L. 107-296), it included the Directorate of Science and Technology (S&T) to ensure that the new department had access to science and technology advice and research and development (R&D) capabilities.

The S&T Directorate is the primary organization for R&D in DHS. It conducts R&D in several DHS laboratories and funds R&D conducted by other government agencies, the Department of Energy national laboratories, academia, and the private sector. Additionally, the directorate supports the development of operational requirements and oversees the operational testing and evaluation of homeland security systems for DHS. The Homeland Security Act of 2002 provided direction and broadly defined functions for the Under Secretary for Science and Technology and the S&T Directorate. Within this broad statutory framework, congressional and executive branch policy makers face many challenges, including balancing funding for R&D activities, which may not result in a deployable product for many years, with other near-term homeland security needs.

DHS OIG — Radio Frequency Identification Security at USCIS Is Managed Effectively, But Can Be Strengthened

June 18, 2014 Comments off

Radio Frequency Identification Security at USCIS Is Managed Effectively, But Can Be Strengthened (PDF)
Source: U.S. Department of Homeland Security, Office of Inspector General
From Spotlight (PDF):

We determined that United States Citizenship and Immigration Services (USCIS) has effectively managed the implementation of RFID technology We determined that USCIS has effectively managed the implementation of RFID technology measures to minimize the risk of using RFID enabled permanent resident cards. For example, USCIS has granted its card production system the authority to operate, evaluated privacy implications of using the system, and ensured that no personal data is transmitted by permanent resident cards. However, USCIS had not deployed timely security patches on the servers and workstations that support RFID processes, assessed annually on the effectiveness of security controls implemented on the system that produces RFID cards, or ensured employees producing these cards receive the mandatory annual privacy awareness training.

CRS — Coast Guard Polar Icebreaker Modernization: Background and Issues for Congress

June 17, 2014 Comments off

Coast Guard Polar Icebreaker Modernization: Background and Issues for Congress (PDF)
Source: Congressional Research Service (via Federation of American Scientists)

The Coast Guard’s FY2013 budget initiated a new project for the design and construction of a new polar icebreaker. The project received $7.609 million in FY2013 and $2.0 million in FY2014. The Coast Guard’s proposed FY2015 budget requests $6 million to continue initial acquisition activities for the ship.

Coast Guard polar icebreakers perform a variety of missions supporting U.S. interests in polar regions. The Coast Guard’s two existing heavy polar icebreakers—Polar Star and Polar Sea— have exceeded their originally intended 30-year service lives. Polar Star was placed in caretaker status on July 1, 2006. Congress in FY2009 and FY2010 provided funding to repair it and return it to service for an additional 7 to 10 years of service; the repair work was completed and the ship was reactivated on December 14, 2012. On June 25, 2010, the Coast Guard announced that Polar Sea had suffered an unexpected engine casualty; the ship was unavailable for operation after that. The Coast Guard placed Polar Sea in commissioned, inactive status on October 14, 2011.

The Coast Guard’s third polar icebreaker—Healy—entered service in 2000. Compared to Polar Star and Polar Sea, Healy has less icebreaking capability (it is considered a medium polar icebreaker), but more capability for supporting scientific research. The ship is used primarily for supporting scientific research in the Arctic.

See also: Coast Guard Cutter Procurement: Background and Issues for Congress (PDF)

U.S. Coast Guard releases report of investigation of the sinking of the tall ship Bounty

June 15, 2014 Comments off

U.S. Coast Guard releases report of investigation of the sinking of the tall ship Bounty
Source: U.S. Coast Guard

Today the U.S. Coast Guard released its report of investigation of the October 2012 sinking of the tall ship Bounty, during which one crewmember died and another remains missing and is presumed dead, off the coast of Cape Hatteras, N.C.

The findings in the report conclude that a combination of faulty management and crew risk assessment procedures contributed to the sinking. Specifically, choosing to navigate a vessel in insufficient material condition in close proximity to an approaching hurricane with an inexperienced crew was highlighted.

DHS OIG — FEMA Could Realize Millions in Savings by Strengthening Policies and Internal Controls Over Grant Funding for Permanently Relocated Damaged Facilities

June 14, 2014 Comments off

FEMA Could Realize Millions in Savings by Strengthening Policies and Internal Controls Over Grant Funding for Permanently Relocated Damaged Facilities (PDF)
Source: U.S. Department of Homeland Security, Office of Inspector General
From Spotlight (PDF):

FEMA could realize millions of dollars in cost savings by strengthening its policies, procedures, and internal controls over Public Assistance grant funding provided for permanently relocated damaged facilities. FEMA’s present policies and procedures do not effectively address how FEMA should use program income to offset permanently relocated facility costs. For example, such a revised policy could have saved an estimated $17.8 million in project costs. Also, internal controls were not in place to determine when applicants received program income to offset permanently relocated facility costs.

Alert — GameOver Zeus P2P Malware

June 5, 2014 Comments off

GameOver Zeus P2P Malware
Source: US-CERT

GameOver Zeus (GOZ), a peer-to-peer (P2P) variant of the Zeus family of bank credential-stealing malware identified in September 2011, [1] uses a decentralized network infrastructure of compromised personal computers and web servers to execute command-and-control. The United States Department of Homeland Security (DHS), in collaboration with the Federal Bureau of Investigation (FBI) and the Department of Justice (DOJ), is releasing this Technical Alert to provide further information about the GameOver Zeus botnet.

See also: GameOver Zeus Botnet Disrupted (FBI)

CBP — Use of Force Policy, Guidelines and Procedures Handbook

June 4, 2014 Comments off

Use of Force Policy, Guidelines and Procedures Handbook (PDF)
Source: U.S. Customs and Border Protection

A. General Guidelines

1. CBP policy on the use of force by Authorized Officers/Agents is derived from constitutional law, as interpreted by federal courts in cases such as Graham v. Connor, 490 U.S. 386 (1989) and Tennessee v. Garner, 471 U.S. 1 (1985), federal statutes and applicable DHS and CBP policies.

2. Authorized Officers/Agents may use “objectively reasonable” force only when it is necessary to carry out their law enforcement duties.

3. The “reasonableness” of a particular use of force is based on the totality of circumstances known by the officer/agent at the time of the use of force and weighs the actions of the officer/agent against the rights of the subject, in light of the circumstances surrounding the event. Reasonableness will be judged from the perspective of a reasonable officer/agent on the scene, rather than with the 20/20 vision of hindsight.

4. The calculus of reasonableness embodies an allowance for the fact that law enforcement officers/agents are often forced to make split-second decisions – in circumstances that are tense, uncertain, and rapidly evolving – about the amount of force that is necessary in a particular situation.

5. A use of force is “necessary” when it is reasonably required to carry out the Authorized Officer’s/Agent’s law enforcement duties in a given situation, considering the totality of facts and circumstances of such particular situation. A use of deadly force is “necessary” when the officer/agent has a reasonable belief that the subject of such force poses an imminent danger of death or serious physical injury to the officer/agent or to another person.

6. An Authorized Officer/Agent may have to rapidly escalate or de-escalate through use of force options, depending on the totality of facts and circumstances of the particular situation.

7. Based on the totality of circumstances, different officers/agents may have different responses to the same situation, any of which may be both reasonable and necessary. The level of force applied must reflect the totality of circumstances surrounding the situation, including the presence of imminent danger to the officer/agent or others.

8. If feasible, and if to do so would not increase the danger to the officer/agent or others, a verbal warning to submit to the authority of the officer/agent shall be given prior to the use of force. If a particular situation allows for the issuance of a verbal warning, the officer/agent:
a. Should have a reasonable basis to believe that the subject can comprehend and comply with the warning; and
b. Allow sufficient time between the warning and the use of force to give the subject a reasonable opportunity to voluntarily comply with the warning.

9. Following any incident involving the use of force, Authorized Officers/Agents shall seek medical assistance for any person who appears, or claims to be, injured.

See also: DHS OIG — CBP Use of Force Training and Actions To Address Use of Force Incidents (PDF; redacted)

CRS — FEMA’s Disaster Relief Fund: Overview and Selected Issues

May 14, 2014 Comments off

FEMA’s Disaster Relief Fund: Overview and Selected Issues (PDF)
Source: Congressional Research Service (via Federation of American Scientists)

The Robert T. Stafford Emergency Relief and Disaster Assistance Act (P.L. 93-288, as amended) authorizes the President to issue declarations for incidents ranging from destructive, large-scale disasters to more routine, less damaging events. Declarations trigger federal assistance in the forms of various response and recovery programs under the Stafford Act to state, local, and tribal governments. The Federal Emergency Management Agency’s (FEMA) Disaster Relief Fund (DRF) is the primary funding source for disaster response and recovery.

Funds from the DRF are used to pay for ongoing recovery projects from disasters occurring in previous fiscal years, meet current emergency requirements, and as a reserve to pay for upcoming incidents. The DRF is funded annually and is a “no-year” account, meaning that unused funds from the previous fiscal year (if available) are carried over to the next fiscal year. In general, when the balance of the DRF becomes low, Congress provides additional funding through both annual and supplemental appropriations to replenish the account.

CRS — Chemical Facility Security: Issues and Options for the 113th Congress (updated)

May 1, 2014 Comments off

Chemical Facility Security: Issues and Options for the 113th Congress (PDF)
Source: Congressional Research Service (via Federation of American Scientists)

The Department of Homeland Security (DHS) has statutory authority to regulate chemical facilities for security purposes. The 113th Congress extended this authority through October 4, 2014. Congressional policymakers have debated the scope and details of reauthorization and continue to consider establishing an authority with longer duration. Some Members of Congress support an extension, either short- or long-term, of the existing authority. Other Members call for revision and more extensive codification of chemical facility security regulatory provisions. Questions regarding the current law’s effectiveness in reducing chemical facility risk and the sufficiency of federal chemical facility security efforts exacerbate the tension between continuing current policies and changing the statutory authority.

CRS — Implementation of Chemical Facility Anti-Terrorism Standards (CFATS): Issues for Congress

April 22, 2014 Comments off

Implementation of Chemical Facility Anti-Terrorism Standards (CFATS): Issues for Congress (PDF)
Source: Congressional Research Service (via Federation of American Scientists)

The Department of Homeland Security (DHS) implements the Chemical Facility Anti-Terrorism Standards (CFATS) regulations, which regulate security at high-risk facilities possessing more than certain amounts of one or more chemicals of interest. Facilities possessing more than the specified amount must register with DHS through this program (a process known as the Top- Screen) and perform security-related activities. The DHS identifies a subset of high-risk chemical facilities from among those that register. These high-risk chemical facilities must submit a security vulnerability assessment, which DHS uses to confirm their high-risk designation, and a site security plan, which DHS then authorizes. The DHS also inspects high-risk chemical facilities for adherence to their submitted site security plans and later for compliance with these plans following DHS approval. The DHS regulates approximately 4,300 facilities under this program and is in the process of implementing requirements for security vulnerability assessment, site security planning, and inspection.

The DHS has had challenges meeting its own projections and congressional expectations regarding program performance, raising questions about its ability to achieve steady-state regulatory implementation.

New: Residential Building Electrical Fires (2009-2011)

April 15, 2014 Comments off

New: Residential Building Electrical Fires (2009-2011) (PDF)
Source: U.S. Fire Administration

Findings from this report:

  • An estimated 25,900 residential building electrical fires were reported to fire departments within the United States each year. These fires caused an estimated 280 deaths, 1,125 injuries and $1.1 billion in property loss.
  • Residential building electrical fires resulted in greater dollar loss per fire than residential building nonelectrical fires.
  • In 79 percent of residential building electrical fires, the fire spread beyond the object where the fire started.
  • The leading items most often first ignited in residential building electrical fires were electrical wire/cable insulation (30 percent) and structural member or framing (19 percent).

State Fire Death Rates and Relative Risk

April 9, 2014 Comments off

State Fire Death Rates and Relative Risk
Source: U.S. Fire Administration

The fire problem varies from region to region in the United States. This often is a result of climate, poverty, education, demographics, and other causal factors. Perhaps the most useful way to assess fire fatalities across groups is to determine the relative risk of dying in a fire. Relative risk compares the per capita rate for a particular group (e.g., Pennsylvania) to the overall per capita rate (i.e., the general population). The result is a measure of how likely a group is to be affected. For the general population, the relative risk is set at 1.

In addition to the District of Columbia, the states with the highest relative risk in 2010 included West Virginia, Alabama and Mississippi. The populace of West Virginia was 3.3 times more likely to die in a fire than the general population; however, people living in Oregon, Massachusetts and Arizona were 50 percent less likely to die in a fire than the population as a whole. Twenty-three states and the District of Columbia had a relative risk higher than that of the general population. Three states, Iowa, Washington and New Mexico, had a relative risk comparable to that of the general population.

Relative risk was not computed for HI, ME, ND, VT and WY due to small numbers of fire deaths which are subject to variability.

Residential Building Garage Fires (2009-2011)

April 2, 2014 Comments off

Residential Building Garage Fires (2009-2011) (PDF)
Source: U.S. Fire Administration

An estimated 6,600 residential building garage fires were reported to United States fire departments each year and caused an estimated 30 deaths, 400 injuries and $457 million in property loss.

Findings from this report:

  • Residential building garage fires are considered part of the residential fire problem and comprised about 2 percent of all residential building fires.
  • Fires originating in residential building garages tend to be larger and spread farther than fires that start in other areas of a residence.
  • Of residential building garage fires, 93 percent occurred in one- and two-family residential buildings.
  • The leading causes of residential building garage fires were “electrical malfunction” (16 percent); “other unintentional, careless” action (15 percent); and “open flame” (11 percent).
  • Residential building garage fires occurred most often in the colder months of January and December (at 10 percent each). Additionally, residential building garage fires also peaked in July at 10 percent.
  • Electrical arcing was the most common heat source in residential building garage fires (17 percent).

New From the GAO

March 28, 2014 Comments off

New GAO Reports
Source: Government Accountability Office

1. Spectrum Management: FCC’s Use and Enforcement of Buildout Requirements. GAO-14-236, February 26.
http://www.gao.gov/products/GAO-14-236
Highlights – http://www.gao.gov/assets/670/661154.pdf

2. DHS Asset Forfeiture: Additional Actions Could Help Strengthen Controls over Equitable Sharing. GAO-14-318, March 28.
http://www.gao.gov/products/GAO-14-318
Highlights – http://www.gao.gov/assets/670/662079.pdf

Follow

Get every new post delivered to your Inbox.

Join 893 other followers