The Office of Inspector General (OIG) has issued its annual report summarizing the most serious management and performance challenges facing the Department of Homeland Security (DHS) and assessing its progress addressing them. The report points out that these challenges remain largely unchanged from fiscal year 2020.
On pandemic performance, OIG reminded DHS of the watchdog’s unannounced inspections that consistently identified weaknesses in measures to prevent COVID-19 outbreaks at Immigration and Customs Enforcement (ICE) detention centers. Other reviews this year have included COVID-19 management efforts, and oversight of funding fraud.
Assessing work completed to date, OIG said DHS is working to implement its recommendations for COVID-19 protocols in its ICE detention centers and offering detainees vaccinations, as well as improving its COVID-19 response at the southwest border.
In addition, OIG has found that DHS has provided “significant logistical support” to stakeholders to fulfill requests for PPE. Responses to OIG recommendations also show that DHS has implemented centralized processes to manage department-wide pandemic funding and PPE supplies to ensure greater oversight and control.
OIG has also assessed DHS’ counterterrorism efforts. Earlier this year, OIG discovered that, although the Transportation Security Administration (TSA) has developed a deployment strategy based on risk for Explosives Detection Canine Teams at airports, there is no such strategy for surface transportation. Further, TSA has yet to complete implementation of the 9/11 Act and TSA Modernization Act to develop strategies, programs, regulations, reports, and other initiatives to strengthen transportation security.
OIG finds that DHS is “working to improve its resource allocation models and coordination strategies” in relation to these shortcomings. DHS is also working to update its assessments to optimize the United States’ defense against bioterrorism; improve cooperative agreements with stakeholders; update detection capability; and conduct, document, and assess exercises. However, OIG noted that more work is needed at U.S. Customs and Border Protection (CBP) with regards to mail inspection and physical security.
Overall, to meet its counterterrorism objectives, the OIG report says “DHS needs to remain committed to effective threat assessment methods and law enforcement collaboration, as well as internal control development, including useful and relevant goals, performance indicators, metrics, measures, corrective action plan implementation, and deliberate improvement.”
Earlier this year, OIG found that DHS’ information security program for Top Secret/Sensitive Compartmented Information intelligence systems is effective. However, the watchdog identified deficiencies in some areas and also found that DHS has not yet strengthened its cybersecurity posture by implementing a Continuous Diagnostics and Mitigation program.
In its recent assessment, OIG found that DHS has provided effective oversight of the department-wide intelligence system and has implemented programs to monitor ongoing security practices. DHS is also working to update relevant plans, address identified vulnerabilities, and continue to improve configuration and patch management. The DHS Office of the Chief Information Officer told OIG that it holds monthly meetings with Component CIOs to focus on information security improvements related to security authorizations, weakness remediation, reducing vulnerabilities, and ensuring prompt installation of software patches, among other things.
According to OIG’s assessment, DHS still needs to develop systems, assets, processes, and capabilities to reduce threat, increase visibility into Federal cyber posture, and improve response capabilities.
On critical infrastructure, OIG said DHS is improving coordination efforts and outreach to a broad spectrum of stakeholders. The watchdog added that it is in the process of assessing coordination efforts at the Federal Emergency Management Agency (FEMA) and the Cybersecurity and Infrastructure Security Agency to improve energy sector resilience.
To address financial management and oversight weaknesses identified by OIG, DHS is working to improve compliance with requirements set forth in laws, regulations, directives, and policies by strengthening oversight, internal control, data quality, and transparency. OIG found that DHS has taken steps toward remediating issues OIG previously reported, including in Financial Statement Audit reports.
DHS has also undertaken a Financial Systems Modernization program which is intended to replace outdated systems across the Department. To date, a modernized financial management system has been deployed to the Countering Weapons of Mass Destruction Office and TSA, and according to DHS, the United States Coast Guard is on schedule to be deployed in early FY 2022.
According to OIG, DHS continues to struggle to provide technology support for personnel, system functionality and integration, address deficiencies, identify and prioritize systems for modernization, and ensure data is accurate and reliable for strategic decision makers. The watchdog has found “a pattern of control deficiencies, outdated or incorrectly configured systems, and inadequate operator training”.
DHS said it is working to dedicate necessary resources to oversight, controls, configuration management, modernization, and strategic capability deployment.
When assessing FEMA’s contracts and grant management, OIG has previously identified a pattern of grantee and subgrantee oversight weakness, insufficient systems to process information and data, inadequate policies and guidance, and improper payments. In addition, OIG has found “persistent, systemic shortcomings” in FEMA’s disaster response and assistance.
In its annual report assessment, OIG notes that while DHS and FEMA continue to address the many recommendations made, they should analyze systemic weaknesses across the spectrum of disaster-related funding and services and make overarching improvements in risk assessment, controls, policies, systems and applications, resources, training, and collaboration with stakeholders.
Finally, OIG found that DHS has generally made progress in its acquisition oversight processes and controls through implementation of a revised acquisition management directive. DHS is working to update acquisition policy and guidance, including specific guidance on developing operational requirements and sharing lessons learned across acquisitions programs. OIG wants the DHS Office of Program Accountability and Risk Management to continue to strengthen oversight of acquisitions programs to ensure they are in compliance with all key steps in the Acquisition Lifecycle Framework and other requirements and guidance.