Report: DHS Had "Significant" I.T. Security WeaknessesBy Baselinemag | Posted 2006-09-04 Email Print
Modernizing Authentication — What It Takes to Transform Secure Access
More than four years after the Sept. 11 attacks, the U.S.'s key antiterror agency was unable to get its information security programs up to snuff, according to a report from the agency's Office of Inspector General.
The Department of Homeland Security, which melded together 22 federal departments in 2002, had "significant information security weaknesses" that limited its ability to ensure the confidentiality and integrity of internal information as of September 2005, according to a report from the agency's Office of Inspector General.
The report was part of a financial audit of DHS for the fiscal year ended September 2005 but wasn't released publicly until July. The disclosure of the agency's information security gaps came shortly before British authorities announced in August that they had disrupted a plot by 24 Islamic terrorists to blow up several transatlantic airliners.
The report noted that DHS had fixed many I.T. shortcomings identified the previous year. But the Office of Inspector General still found a number of security problems, including:
"Collectively, these I.T. control weaknesses limit DHS' ability to ensure that critical financial and operational data is maintained in such a manner to ensure confidentiality, integrity and availability," the report said.
DHS did not respond to requests for comment by press time. But the inspector general's report said the agency's chief information officer, Scott Charbo, generally agreed with the report's findings and has committed to taking unspecified "corrective actions."