DHS has conducted about 2,800 security surveys and vulnerability assessments on critical infrastructure and key resources, but the department is not positioned to track the extent to which these are performed at high-priority facilities because of inconsistencies between the databases used to identify these assets and those used to identify surveys and assessments conducted, GAO has said.
It said it compared the two databases and found that of the 2,195 security surveys and 655 vulnerability assessments conducted for fiscal 2009 – 2011, 135 surveys and 44 assessments matched and another 106 surveys and 23 assessments were potential matches for high-priority facilities.
GAO could not match additional high-priority facilities because of inconsistencies in the way data were recorded in the two databases. For example, assets with the same company name had different addresses or an asset at one address had different names, according to GAO-12-378.
It said DHS officials have begun to address data inconsistencies but that the department does not have milestones and timelines for completing these efforts consistent with standards for project management.
DHS agreed with recommendations to develop plans for its efforts to improve the collection and organization of data and the timeliness of survey and assessment results, and gather and act upon additional information from asset owners and operators about why improvements were or were not made.
