CISA cannot demonstrate how its oversight has improved Dams Sector security and resilience because CISA has not coordinated or tracked its Dams Sector activities, updated overarching national critical infrastructure or Dams Sector plans, and collected and evaluated performance information on Dams Sector activities. Furthermore, we found that CISA does not consistently provide information to FEMA to help ensure its assistance addresses the most pressing needs of the Dams Sector. CISA and FEMA also do not coordinate their flood mapping information. Finally, CISA does not effectively use the Homeland Security Information Network Critical Infrastructure Dams Portal to provide external Dams Sector Stakeholders with critical information. We recommended that CISA update the Dams Sector-Specific Plan, its internal organization structures, and establish performance metrics to determine its impact on the Dams Sector. We also recommended it coordinate with FEMA on its grants and flood mapping systems. Finally, we recommended CISA implement a strategy to use the HSIN-CI Dams portal to its fullest potential. We made five recommendations to update CISA’s Sector-Specific Plan, internal organization structures, and coordination with FEMA that, when implemented, will improve dam security and resilience. CISA concurred with all five recommendations.
Consistent with CDC guidance, most Office of Inspector General employees are currently serving the American people remotely. We are determined to keep interruptions to our operations to a minimum, and we appreciate your patience during this time.
Information and guidance about COVID-19 is available at coronavirus.gov.
- Executive SummaryReport NumberOIG-21-59Issue DateDocument FileDHS AgencyKeywordsFiscal Year2021
- Executive Summary
DHS’ information security program was effective for fiscal year 2018 because the Department earned the targeted maturity rating, “Managed and Measurable” (Level 4) in four of five functions, as compared to last year’s lower overall rating, “Consistently Implemented” (Level 3). We attributed DHS’ progress to improvements in information security risk, configuration management practices, continuous monitoring, and more effective security training. By addressing the remaining deficiencies, DHS can further improve its security program ensuring its systems adequately protect the critical and sensitive data they store and process.Report NumberOIG-19-60Issue DateDocument FileDHS AgencyOversight AreaKeywordsFiscal Year2019