The Department of Homeland Security has taken a number
of key steps toward implementing its data network
designed to share information with state and local
governments and classified information with federal
agencies, but a new report from the DHS inspector
general sees evidence of a rush job.
It praised the department for establishing a program
management office for development and implementation,
carrying out tasks in the planning, requirements,
definition and design process, defining the HSDN system
concept, identifying “some” user requirements and
awarding a contract for the system’s design, development,
testing and implementation.
It also said DHS used an “appropriate approach” to HSDN
acquisition. It awarded a contract to Northrop Grumman
last year for up to $350 million to initiate the project.
However, according to the report, the homeland CIO,
thinking the Department of Defense would cut off DHS from
the Defense secure network on December 31, set an
aggressive timeframe to implement the new system which
prevented the DHS from “adequately completing critical
system development requirements.”
The IG said collection and documentation methods for
functional and security needs during the requirements
definition phase of the new network do not ensure user
needs at the 600 test sites would be met.
The report added, “security implementation requirements
and essential testing had not been completed one month
prior to deployment,” and that without completing and
documenting these activities early enough to allow
review and adjustment, “DHS does not have assurance
that HSDN complies with security standards and policies.”
It recommended that the DHS CIO ensure users are
involved in defining requirements in future phases of
the implementation, and verify that all necessary
activities and documents, including certification,
accreditation, and security control testing be completed
before deployment.
