US flag signifying that this is a United States Federal Government website Official website of the Department of Homeland Security

Cybersecurity

  • (U) Evaluation of DHS' Compliance with Federal Information Security Modernization Act Requirements for Intelligence Systems for Fiscal Year 2018

    Executive Summary

    We determined that DHS' information security program for Top Secret/Sensitive Compartmented Information intelligence systems is effective this year as the Department achieved “Level 4 – Managed and Measurable” in three of five cybersecurity functions, based on current reporting instructions for intelligence systems. However, we identified deficiencies in DHS’ overall patch management process and the Cybersecurity and Infrastructure Security Agency’s weakness remediation and security awareness training activities.
     

    We made one recommendation to the Office of Intelligence and Analysis and two recommendations to the Cybersecurity and Infrastructure Security Agency to address the deficiencies identified. DHS concurred with all three recommendations.

    Report Number
    OIG-19-34-UNSUM
    Issue Date
    DHS Agency
    Oversight Area
    Fiscal Year
    2019
  • Progress Made, But Additional Efforts are Needed to Secure the Election Infrastructure

    Executive Summary

    Prompted by the suspicious cyber activities on election systems in 2016, Secretary Jeh Johnson designated the election infrastructure as a subsector to one of the Nation’s existing critical sectors. Our audit objective was to evaluate the effectiveness of the Department’s efforts to coordinate with states on securing the Nation’s election infrastructure. DHS has taken some steps to mitigate risks to the Nation’s election infrastructure; however, improved planning, more staff, and clearer guidance could better facilitate the Department’s coordination with state and local officials. Specifically, despite Federal requirements, DHS has not completed the plans and strategies critical to identifying emerging threats and mitigation activities, or established metrics to measure progress in securing the election infrastructure. Senior leadership turnover and insufficient guidance and administrative staff have hindered DHS’ ability to accomplish such planning.

    Report Number
    OIG-19-24
    Issue Date
    Document File
    DHS Agency
    Oversight Area
    Fiscal Year
    2019
  • Major Management and Performance Challenges Facing the Department of Homeland Security

    Executive Summary

    Annual report, Major Management and Performance Challenges Facing the Department of Homeland Security. Pursuant to the Reports Consolidation Act of 2000, the Office of Inspector General is required to issue a statement that summarizes what the Inspector General considers to be the most serious management and performance challenges facing the agency and briefly assess the agency’s progress in addressing those challenges. We acknowledge past and ongoing efforts by Department’s senior leadership to address the challenges identified in this report. At the same time, our aim in this report is two-fold to identify areas that need continuing focus and improvement and to point out instances in which senior leadership’s goals and objectives are not executed throughout the Department. We highlight persistent management and performance challenges that hamper the Department’s efforts to accomplish the homeland security mission efficiently and effectively.

    Report Number
    OIG-19-01
    Issue Date
    Document File
    DHS Agency
    Oversight Area
    Fiscal Year
    2019
  • (U) S&T Has Taken Steps to Address Insider Threats, But Management Challenges Remain

    Executive Summary

    We conducted our review of the Science and Technology’s (S&T) insider threat program between January 2017 and June 2017.  S&T is the primary research arm of the Department of Homeland Security (DHS).  Its mission is to strengthen the Nation’s security and resiliency by providing knowledge products and innovative solutions to support DHS mission operations.  Specifically, Congress created S&T in 2003 to conduct basic and applied research, development, demonstration, testing, and evaluation activities relevant to any or all elements of the Department.  S&T oversees laboratories where scientists perform mission-critical research on chemical and biological threats, radiological and nuclear detection, animal diseases, transportation security, and explosives trace identification.  S&T employees, contractors, and business partners—especially those with special or elevated privileges—can potentially use their inside knowledge and access to exploit vulnerabilities and cause harm to mission-critical systems and operations.  We made nine recommendations that, if implemented, should strengthen S&T’s management of insider threat risks.  The Department concurred with all of the recommendations.

    Report Number
    OIG-18-89-UNSUM
    Issue Date
    DHS Agency
    Oversight Area
    Fiscal Year
    2018
  • CBP Has Not Ensured Safeguards for Data Collected Using Unmanned Aircraft Systems

    Executive Summary

    In December 2014, OIG previously reported on the effectiveness and cost of the UAS program.2 Our report disclosed CBP had not developed performance measures needed to accurately assess program effectiveness and make informed decisions. CBP also did not recognize all UAS operating costs and, as such, the Congress and public may be unaware of the amount of resources invested in the program. This audit determined that CBP has not ensured effective safeguards for surveillance information, such as images and video, collected on and transmitted from its UAS. Without a privacy assessment, CBP could not determine whether ISR Systems contained data requiring safeguards per privacy laws, regulations, and DHS policy. CBP’s failure to implement adequate security controls according to Federal and DHS policy could result in potential loss of confidentiality, integrity, and availability of ISR Systems and its operations.

    Report Number
    OIG-18-79
    Issue Date
    Document File
    DHS Agency
    Oversight Area
    Fiscal Year
    2018
  • Fiscal Year 2017 Evaluation of DHS' Compliance with Federal Information Security Modernization Act Requirements for Intelligence Systems

    Executive Summary

    Pursuant to the Federal Information Security Modernization Act of 2014, we reviewed the Department’s security program, including its policies, procedures, and system security controls for the enterprise-wide intelligence system. Since our FY 2016 evaluation, the Office of Intelligence and Analysis (I&A) has continued to provide effective oversight of the department-wide intelligence system and has implemented programs to monitor ongoing security practices. In addition, the United States Coast Guard is in the process of migrating its intelligence users to a system that is jointly managed by the Defense Intelligence Agency and the National Geospatial Agency.

    Report Number
    OIG-18-59
    Issue Date
    Document File
    DHS Agency
    Oversight Area
    Fiscal Year
    2018
  • Evaluation of DHS' Information Security Program for Fiscal Year 2017

    Executive Summary

    We reviewed DHS’ information security program in accordance with the Federal Information Security Modernization Act of 2014 (FISMA). Our objective was to determine whether DHS’ information security program and practices were adequate and effective in protecting the information and information systems that supported DHS’ operations and assets in fiscal year 2017.

    Report Number
    OIG-18-56
    Issue Date
    Document File
    DHS Agency
    Oversight Area
    Fiscal Year
    2018
  • Special Review: Swearing-In Ceremony of David J. Glawe, DHS Under Secretary for Intelligence and Analysis

    Executive Summary

    Department of Homeland Security (DHS) Under Secretary for Intelligence and Analysis (USIA) David J. Glawe used a personal email account to send an invitation to his ceremonial swearing-in event to staff members of the United States Senate Committee on Homeland Security and Governmental Affairs. Because the invitation came from a non-DHS email account and resembled a phishing email, Senator Claire McCaskill asked the DHS Office of Inspector General to review the circumstances surrounding the invitation

    Report Number
    OIG-18-55
    Issue Date
    Document File
    DHS Agency
    Oversight Area
    Fiscal Year
    2018
  • Biennial Report on DHS’ Implementation of the Cybersecurity Act of 2015

    Executive Summary

    The Department faces challenges to effectively sharing cyber threat information across Federal and private sector entities. Without acquiring a cross-domain information processing solution and automated tools, DHS cannot analyze and share threat information timely. Further, without enhanced outreach, DHS cannot increase participation and improve coordination of information sharing across Federal and private organizations.
     

    Report Number
    OIG-18-10
    Issue Date
    Document File
    DHS Agency
    Oversight Area
    Fiscal Year
    2018
  • Review of DHS' Information Security Program for Intelligence Systems for Fiscal Year 2017 (U)

    Executive Summary

    We evaluated the Department of Homeland Security’s (DHS) enterprise-wide security program for Top Secret/Sensitive Compartmented Information intelligence systems. Pursuant to the Federal Information Security Modernization Act of 2014, we reviewed the Department’s security program, including its policies, procedures, and system security controls for the enterprise-wide intelligence system. This report was issued to the Office of the Inspector General of the Intelligence Community (IC IG).

    Report Number
    OIG-17-109
    Issue Date
    Document File
    DHS Agency
    Oversight Area
    Fiscal Year
    2017
Subscribe to Cybersecurity

Would you like to take a brief survey regarding our site?