DHS oversight body finds data handling concerns across department agencies
“Persistent” data collection and management issues hinder daily use of large, diverse databases for decision-making across Department of Homeland Security (DHS) agencies, according to its Office of Inspector General (OIG).
DHS‘ OIG reviewed reports between fiscal 2017 and 2019 for recurring and systemic data issues and found 70 instances of integrity, reliability and availability problems throughout more than one-third of reports.
“[F]ollow-through and continued improvement will be essential to address the internal control issues underlying the data deficiencies we highlighted,” read the OIG’s report, which was issued Monday. “Only then can the department be assured it captures reliable and accurate data to accomplish its mission responsibilities.”
The OIG flagged 82 internal control deficiencies across five categories that have reduced the quality of data: security and technical controls, program and operational oversight, guidelines and processes, system design and functionality, and training and resources.
In response, DHS rebuffed the report’s findings, but said there would always be opportunities to improve the use of its data assets.
“DHS strongly disagrees with the report’s overly broad conclusion that personnel ‘do not have essential information they need for decision-making or to effectively and efficiently carry out day-to-day mission operations.
“The OIG provides no direct evidence nor, to our knowledge, completed any analysis with the level of methodological rigor necessary to support this conclusion,” the department’s GAO/OIG liaison office said.
Previous reports by the DHS OIG have identified data security deficiencies, and established that they put financial data at risk of unauthorized access and disclosure. They show also that a number of national security systems lacked current Authorities to Operate (ATOs).
Other information identified to be at risk in prior reports include: unmanned aircraft data within Customs and Border Protection’s Intelligence, Surveillance, and Reconnaissance Systems, personally identifiable data in the Office of Health Affairs’ Electronic Patient Care Reporting system and BioWatch portal.
Case management and investigative data in Secret Service systems, immigration data in U.S. Citizenship and Immigration Services’ CLAIMS3, and cybersecurity data in the National Protection and Programs Directorate’s unclassified and top secret Mission Operating Environment systems, have also previously found to be at risk.
In addition, inaccurate and incomplete data meant the Office of the Chief Human Capital Officer had trouble conducting a cybersecurity workforce analysis that counted and coded contractors and tracked training efforts, according to a prior report.
DHS OIG has suggested looking to the department’s IT Strategic Plan and Enterprise Data Strategy, which expires this year, as well as the Federal Data Strategy to continue modernizing systems.
“[M]anagement should design information systems and controls to ensure the data recorded is accurate and valid,” the report said. “DHS requires the integration of quality into every phase of information management including creation, collection, maintenance and dissemination.”