Skip to content
June 14, 2013

Report: DHS Must Do More to Meet its Cybersecurity Responsibilities

(WASHINGTON) – Today, Rep. Bennie G. Thompson (D-MS), Ranking Member of the Committee on Homeland Security, released the below statement in response to a Department of Homeland Security Office of Inspector General (DHS OIG) report on cybersecurity at the Department of Homeland Security. The report, entitled "DHS Can Take Actions To Address Its Additional Cybersecurity Responsibilities" is an audit of the National Protection and Programs Directorate (NPPD), the office in DHS which houses the Office of Cybersecurity and Communications.

The audit sought to determine whether NPPD had effectively implemented cybersecurity responsibilities it gained as a result of a 2010 decision by the Office of Management and Budget (OMB) and Executive Order 13618, issued by the President in 2012. Taken together, these actions placed DHS in charge of overseeing the federal information security program The IG found that DHS has taken solid steps in improving the information security posture at government agencies by evaluating agency compliance and conducting information security assessments. However, DHS lacks a strategic plan for implementing long term goals. Additionally, DHS' communication and coordination with federal agencies needs improvement. Further, the IG found that the department does not have an effective system in place to ensure that their contractor systems administrators receive proper security training.

The IG made six recommendations – and the Department agreed with all of them and has started their implementation.

Congressman Thompson released the following statement on the report:

"This report shows that while DHS is realizing its role as the primary agency charged with securing federal government systems from cyber attack, it still hasn't taken common sense steps in efficiency and efficacy. Since we know that DHS has a longstanding overreliance on contractors, it is puzzling that DHS has not taken the solid steps to ensure its contractor workforce gets proper security training. With the recent national security leak revelations involving a contractor at NSA, we no longer have to speculate about whether contractors are capable of leaking sensitive information. On several occasions, DHS has indicated its intention to hire federal civilian workers to address its cybersecurity responsibilities—both internally and throughout the Federal government. This timely report makes clear that DHS must address this weakness immediately."

Link to Report 

#   #   # 

Media Contact: Adam Comis at (202) 225-9978