A gathering of crows is called a murder. A bunch of kangaroos is called a mob. And a gathering of IGs is–no, not a nuisance–it’s called CIGIE–the Council of Inspectors General on Integrity and Efficiency. And, CIGIE’s annual Top Management and Performance Challenges–TPMC report–boiled down IG reports from 61 different agencies–and leads with IT and security management issues across the government.
Among the top areas of concern, the report issued on April 18 flags challenges in securing data and information systems generally, and points to challenges created by resource constraints.
The report further highlights vulnerabilities and resource shortfalls at the Social Security Administration, and challenges at the departments of Justice and Commerce on sharing classified or sensitive cybersecurity threat data.
It also flags insider threat risks–pointing to the fact that despite the Defense Department’s efforts to manage insider threat risks, two National Security Agency contractors in 2017 removed classified information, and in at least one instance, disclosed classified information.
The CIGIE report also warns of reliability, security, and other problems with legacy systems that support core functions at a variety of agencies.
It highlights reports from the Treasury Department’s Inspector General for Tax Administration–TIGTA–that some Internal Revenue Service hardware is three or four times older than industry standards. It also cites Justice IG reports that the Justice Security Operations Center is hampered by aging IT infrastructure that is past its useful life and is no longer supported. The Department of Homeland Security’s IG notes that aged prescreening systems used by its Customs and Border Protection group are damaging mission effectiveness, including inhibiting CBP’s ability to identify dodgy passengers. It also panned network outages that hamper air and marine surveillance operations.
The IGs also found that many agencies’ disaster response capabilities are themselves a bit of a disaster. The IG at Department of Interior found that data back-up systems could leave DoI without access to critical data should a computer fail or be compromised. Further, the Department of State’s IG noted that contingency plans for some overseas posts failed to meet departmental guidelines–and could negatively impact those posts’ ability to recover from IT incidents.
The CIGIE report also flagged cybersecurity workforce recruitment and retention issues across the Federal government, with the Department of Transportation’s IG noting that Federal and private sector demand for cybersecurity professionals is outpacing supply by 40,000 jobs in the U.S.
Even the IGs acknowledged struggles with their own IT at an April 18 hearing of the House Oversight and Government Reform Committee.
“I’ve looked to modernize our own systems and create systems that will give us, the public, and Congress greater oversight,” said Michael Horowitz, Efficiency Inspector General at DOJ and chair of the CIGIE.
“Congress would like to be a partner in seeing if we can get our IT systems working in a better way,” said Rep. Carolyn Maloney, D-N.Y. A good starting point would be funding, as the report notes among its observations that “the inadequate allocation of funding directly impacted the challenges.”
Other committee members saw the report as part of a larger trend. “This committee has the scorecard on FITARA… in terms of progress, this committee has yet to see it,” said Rep. Gerald Connolly, D-Va.
The next FITARA scorecard is due out at the end of May.