U.S. gov’t department details IT audit plans for 2006

Richard Skinner, the inspector general of the U.S. Department of Homeland Security, plans to conduct more than 12 audits of IT programs and operations in 2006, according to a recently released performance plan.

As part of that plan, the DHS’s Office of Information Technology will conduct audits and evaluations of the department’s information management, cyber infrastructure and systems integration activities.

For example, the Office of Information Technology (OIT) plans to look at whether security controls are effective in protecting personal information for the systems supporting the Transportation Worker Identification Credentialing (TWIC) program. Under that program, which was established in December 2001, some transportation workers are issued a standardized, secure identification card that allows them unescorted access to secure areas of the nation’s transportation system — as well as access to computer-based information systems involved in the security of the transportation system.

The OIT also wants to determine whether the DHS has adequate security controls in place over the Automated Commercial Environment (ACE), which collects, processes and analyzes commercial import and export data. ACE simplifies dealings between U.S. Customs and Border Patrol and the trade community by automating time-consuming and labor-intensive transactions to move goods through ports faster and cheaper.

In the Science and Technology area, Skinner’s office will evaluate whether that DHS agency has established security controls for the sensitive information systems and data housed at the Plum Island Animal Disease Center on New York’s Long Island. The OIT also hopes to determine the status of the DHS’s initiatives, applications and progress in integrating automated surveillance system technologies to respond to modern-day threats; the department’s progress in research and project application related to its goals and performance measures; the issues and challenges that exist for DHS deployment of this functionality; and whether there are sufficient management controls in place or planned to ensure compliance with security, privacy laws and policies and biometric standards.

The inspector general is also planning to audit DHS operations for information sharing related to critical infrastructure protection. Skinner’s office hopes to determine whether DHS strategies and tools for working with private industry would be effective in the event of a failure of, or attack on, critical sector operations. In addition, the OIG is set to review just how effectively the DHS shares disaster response and counter-terrorist information with state and local governments.

The OIT will also review the DHS’s Infrastructure Transformation Project Strategy and Implementation, which spells out how DHS’s IT infrastructure will move from a decentralized delivery model to a centralized and shared IT infrastructure services model for all of its agencies. Skinner also wants to determine whether DHS has established adequate security policies and procedures to safeguard laptop computers — as well as the data stored in those computers.

Skinner’s office also plans to determine whether the DHS has effectively managed the use of RFID technology to protect mission-critical data and information systems from unauthorized data. The DHS is using RFID technology to track and identify assets, weapons and baggage on flights.

In the wake of problems sharing information between various government entities after Hurricane Katrina hit the Gulf coast last year, the OIG also plans to determine how effective DHA has been at ensuring effective communications to support future disaster response and recovery.