The Department of Homeland Security’s U.S. Citizen and Immigration Services has made progress securing its cyber networks from potential insider threats.
However, gaps in security still remain, including one that could allow malicious insiders to tamper with digital immigration records.
A far-reaching security audit of USCIS, undertaken by the Software Engineering Institute at Carnegie Mellon University singled out the Transformation program at Immigration and Customs Enforcement as one of the most vulnerable.
The findings revealed the department had not taken enough steps to secure the digitized immigration paperwork, which– if tampered with –could grant access to terrorists or other malcontents, Federal News Radio reported.
The multimillion-dollar Transformation program, designed to digitize immigration records, has been plagued by work delays that have caused it to run 10 years behind schedule, InformationWeek reported.
Despite the over-runs, DHS appears to be leaning heavily on the program “to correct many of the problems resulting from legacy systems,” according to InformationWeek.
But, the recent IG report may put a new wrinkle in the program.
Specifically, the report found while the Transformation program encompassed risk management, it had failed to adequately account for the risk from the insider threat.
“USCIS should incorporate comprehensive insider threat risk mitigation requirements into the Transformation effort,” the report found.
Insider threat risk mitigation in the federal government received a jolt of attention following the revelations that a so-called insider — an allegedly disgruntled Army private — was reported to have leaked classified materials to whistle-blower site WikiLeaks.