An annual report issued by the Department of Homeland Security’s (DHS) Office of Inspector General (OIG) flags leadership stability and cybersecurity issues among the “most serious management and performance challenges” facing the agency currently.
Other issues in the “most serious” category include: coordinating efforts to address migrants seeking to enter the U.S. on the southern border; improving disaster response and recovery efforts carried out by the Federal Emergency Management Agency (FEMA); and ensuring financial planning, payments, and internal controls.
None of those issues appear to be brand-new problems – as OIG indicated it has reported on them in previous audits, inspections, special reviews, and investigations – but they do appear to be persistent ones.
On the leadership front, OIG said DHS suffers at the senior management level from a lack of “permanent, Presidentially Appointed, and Senate confirmed officials” that are typically “responsible for driving necessary change.” The report said that as of September, 18 of 58 DHS senior leadership posts were filled by “acting” officials.
“More broadly, DHS and its roughly 240,000 employees work in an environment marked by high attrition, changing mandates, and difficulties implementing permanent plans, procedures, and programs,” OIG said.
In discussing cybersecurity at DHS, OIG noted that the agency’s FY2018 FISMA audit showed improvements from the prior year, and said that “by addressing remaining deficiencies, DHS can further improve its security program to ensure its systems adequately protect the critical and sensitive data they store and process.”
At the same time, however, OIG pointed to an August 2019 FEMA audit in which it said the agency has not implemented effective IT oversight practices, and a May 2019 report saying that U.S. Citizenship and Immigration Services (USCIS) has not implemented an effective process to track adjudicative decisions and ensure data integrity in its Computer Linked Application Information Management System.
Regarding election security, OIG said DHS took steps in 2018 to mitigate risks to election infrastructure, but said that “improved planning, more staff, and clearer guidance could facilitate its coordination with states.” OIG continued, “Senior leadership turnover and a lack of guidance and administrative status hindered DHS’ ability to accomplish this planning. DHS needs to address and resolve these issues to ensure effective guidance, unity of effort, and a well-coordinated approach to securing the Nation’s election infrastructure.”
OIG also said DHS has not fully met its requirements in the Cybersecurity Workforce Assessment Act to assess its cybersecurity workforce and develop a strategy to assess workforce gaps. The agency watchdog attributed that lack of progress to internal and external factors “including legislation that created overlapping and new requirements for cybersecurity workforce planning and reporting and DHS falling behind in responding to these mandates.”
“Without a complete cybersecurity workforce assessment and strategy, DHS cannot provide assurance it has the appropriate skills, competencies, and expertise positioned across its components to carry out its critical cybersecurity functions in the face of ever-expanding cybersecurity threats,” OIG said, adding, “DHS concurred with our recommendations.”
In a response to the OIG report, DHS said that “many of the OIG-identified management and performance challenges generally comport with challenges that the Department is already aware of and working to address.”