An extensive, embarrassing, and alarming Federal oversight report finds major problems with the Department of Homeland Security, detailing funds spent on spa trips, no plan for an Ebola pandemic, Federal guards untrained in weapons screening, incompetent cybersecurity practices and strategies, and little proof that the DHS is doing anything to make us safer.
The report's "Dear Taxpayer" introduction states, "Based upon the available evidence, DHS is not successfully executing any of its five main missions. Many of DHS's programs, in fact, are ineffective and should be reconsidered."
One key finding states Department of Homeland Security "spent $50 billion over the past eleven years on counterterrorism programs, including homeland security grants and other anti-terror initiatives, but the department cannot demonstrate if the nation is more secure as a result."
The Edward Snowden revelations have rocked governments, global businesses, and the technology world. Here is our perspective on the still-unfolding implications along with IT security and risk management best practices that technology leaders can put to good use.Read now
Each assessment of the DHS Five Top Missions -- Preventing Terrorism and Improving Security, Securing and Managing Our Borders, Enforcing and Administering Our Immigration Laws, Safeguarding and Securing Cyberspace and Strengthening National Preparedness and Resilience -- is a shocking litany of failures and incompetence, corruption and disinterest, characterizing the DHS as an ineffective and inefficient program of questionable worth.
This week, the President's new cybersecurity initiatives specifically name DHS intelligence and information sharing programs -- yet the report states that "DHS's Intelligence and Information Sharing Programs Provide Little Value".
The report says the DHS is "lousy" at cybersecurity, and stresses that the DHS is a "dysfunctional culture" -- one outlined especially in an ominous section on DHS corruption.
See also: New report: DHS is a mess of cybersecurity incompetence
It details misspent and wasted money on spa junkets, 99 percent of chemical facilities uninspected, a range of cybersecurity failings, and a nation protected by largely untrained government contractors who literally don't know what to do if someone leaves a bomb outside a Federal building or pulls out a gun and starts shooting.
Another key finding is that "DHS spends more than $700 million annually to lead the federal government's efforts on cybersecurity, but struggles to protect itself and cannot protect federal and civilian networks from the most serious cyber attacks."
The report -- "A Review of the Department of Homeland Security's Missions and Performance" -- spearheaded by (now-resigned) Senator Tom Coburn, a member of the Senate Homeland Security and Governmental Affairs Committee since 2005, also expressed grave concern for the rights of American citizens under the DHS.
"DHS's [leaders] must focus on respecting American citizens' constitutional rights and focusing on the proper role of the federal government to restore and earn their trust."
Senator Coburn explained,
This report is a comprehensive overview of oversight conducted over the past decade to measure how well DHS is achieving its mission, operating its programs, spending taxpayer funds, complying with the law, and respecting the boundaries established to limit the federal government and protect the rights of law abiding U.S. citizens. (...) The analysis is based upon independent information and evidence as well as oversight conducted by my office and other watchdogs.
The report stated, "A review of DHS's counterterrorism and domestic security initiatives raises a series of questions about the value and effectiveness of DHS's programs."
For example, DHS has spent more than a half a billion dollars over the past seven years on its program to create standards for and regulate the security of chemical facilities at risk of potential terrorist attacks.
But the program has experienced significant problems, and 99 percent of all the chemical facilities that were supposed to be overseen by the program had not been inspected as of June 2014.
The DHS has apparently failed at counterterrorism across the board.
The Obama administration's intelligence sharing programs, a key piece of new cybersecurity legislation the President is set to introduce, are apparently standing failures.
"Independent reviews -- including audits and investigations by watchdogs -- show that DHS's intelligence and analysis programs, including its state and local fusion centers and other information sharing programs, are ineffective or providing little value."
The report details,
It is not clear that the DHS programs designed to prevent terrorist attacks -- including its intelligence, information sharing, and preparedness grants programs -- are making the nation safer or accomplishing DHS's stated priority mission.
Likewise, DHS's initiatives aimed at improving domestic security from potential terrorist attacks have a history of problems, and there are questions about their effectiveness or utility.
DHS's technology initiatives and programs designed to monitor and detect chemical, biological, radiological, or nuclear attacks have not proven to be effective or cost-efficient, and billions of dollars have been spent on these initiatives."
One recommendation the report stresses as 'important' is that "Congress must give the Secretary of Homeland Security the authority to lead, manage, and reform the Department and change its dysfunctional culture."
The misspending of DHS grant funds veers into the territory of ridiculous.
One 2012 report cited in the damning DHS review, "identified many examples of states and localities making questionable purchases with homeland security grant funds. Tulsa, Oklahoma used Urban Areas Security Initiative (UASI) grant funding to harden a county jail and purchase a color printer. Columbus, Ohio used DHS grant funds to purchase an underwater robot. UASI funding was also used to pay first responders to attend a five day spa junket."
In the report, we also find out that the DHS lacked a department-wide border security plan until 2014 (which appeared after Sen. Coburn requested one from DHS in 2013).
The DHS doesn't have a plan for an Ebola outbreak, either. "The American public became acutely aware of the horrific potential of a low-probability, high-impact pandemic or serious health threat during the 2014 outbreak of Ebola in West Africa, and the arrival of the disease in the United States."
"Despite its responsibilities related to pandemics, DHS has only one pandemic plan, for pandemic influenza, and has not updated it since September 2006."
Corruption in DHS border security divisions is a significant and well-documented problem, according to the review (and in the press). "In 2011, the DHS Office of Inspector General had 600 open investigations examining CBP employees. In 2012, the OIG transferred 370 cases involving CBP and ICE employees to ICE's internal investigative office, due to the then-Acting Inspector General's concerns that the OIG was unable to manage the workload."
"A review of DHS documents made available to the Committee reveals that DHS has also identified corruption within its own ranks as a problem that must be overcome."
U.S. taxpayers are told by the report that chances are pretty good that the person screening us when we enter federal buildings isn't trained to screen for weapons or bombs -- nor are they trained on how they should react if someone pulls out a gun and starts shooting.
(...) in 2013, GAO reported that one contract security company that FPS uses reported that 38 percent of its guards did not receive training to use X-ray and magnetometer screening from FPS, which is the process for screening people for weapons or explosives entering a building, and some officers who did not receive this training were working at screening posts.
In 2014, GAO reported that FPS still is not providing training for how to respond to an active shooter scenario.
The following excerpt describes how untrained Federal security guards handled a bomb they found outside a Federal building -- by shaking it, and later leaving it unattended for three weeks.
A Department of Homeland Security OIG Report issued in August 2012 reviewed an incident at the Patrick V. McNamara Federal Building in Detroit. Contract security officers found a bag containing an improvised explosive device outside of the building.
The guards brought the bag, which contained a locked safe, inside the building. They attempted to determine the contents of the bag by "shaking and moving the metal safe inside the bag," which contained the IED, and X- raying the bag.
The Inspector General reports that the security guards placed the bag and its contents at their security console for a period of 21 days.
Not surprisingly, FEMA is still a mess.
Similarly, oversight of the more than $38 billion that the Federal Emergency Management Agency (FEMA) has spent on homeland security grants -- which were originally intended to improve our ability to prevent terrorist attacks -- reveals that DHS has not effectively tracked how these funds are spent and federal dollars often subsidizes routine (and in some cases questionable) expenditures by states, localities, and other groups.
(...) For example, over the past eight years, taxpayers have spent more than half a billion dollars on DHS's Chemical Facilities Anti-Terrorism Standards (CFATS) program, yet the Department has not set up an effective chemical security regulatory program or measurably reduced the risk of an attack on our chemical infrastructure.
The report also criticized DHS handling of the Boston Marathon bombing, itself described as a major terrorist attack.
In the reports and reviews after the attack, "the DHS review does not identify actions that the Department or its components should have taken to prevent the Boston Marathon bombing attack and provides few "lessons learned" or recommendations for how DHS can play a constructive role in preventing future terrorist attacks."
The 12-year assessment of the DHS concludes that the DHS is less focused on preventing attacks like the Boston tragedy, and has focused its mission more on recovering after damage has been done -- and lives lost.
"(...) the absence of an in-depth discussion in the "Lessons Learned" report about what additional roles DHS could play in preventing future terrorist attacks raises questions about whether counterterrorism -- and specifically, terrorism prevention -- truly is the Department's first mission, and whether that mission has transformed into preparing to recover from terrorist attacks."
The report doubts that key DHS cybersecurity programs are doing... much, if anything.
The Department of Homeland Security is not solely or even chiefly responsible for poor cybersecurity across the federal government. The White House, including the Office of Management and Budget, and senior agency leaders ultimately must hold each agency and its personnel accountable for ensuring that federal networks and information systems are secure.
However, evidence creates doubt that DHS's key programs for improving federal cybersecurity are yielding significant value.
The section on cybersecurity is titled: "The Department of Homeland Security is struggling to execute its responsibilities for cybersecurity, and its strategy and programs are unlikely to protect us from the adversaries that pose the greatest cybersecurity threat."
The report's section on cybersecurity is all bad news -- especially for fans of Obama's planned legislative cyberattack protections.
The chilling report on the DHS as a whole since its inception is more important than ever.
The DHS failings it reveals paints the picture of a nation incompetent at protecting its citizens and infrastructure, ill prepared to lead the world in counterterrorism -- or cybersecurity.
The DHS was loosely thrown together eleven days after September 11, 2001. In 2002 the collection of many different Federal agencies under the banner of Homeland Security officially became the DHS.
The Department of Homeland Security (DHS) is the result of the largest reorganization of government in more than half a century. The reorganization included the consolidation of components and offices from 22 different agencies to create a unified department focusing on homeland security.
In 2015, DHS will employ roughly 240,000 people, and spend nearly $61 billion. It is the third largest cabinet agency in government. Since 2003, the Department has spent approximately $544 billion on its programs.
Congress has assigned to DHS some of the federal government's most important responsibilities related to securing the nation, including terrorism prevention and protective security, transportation security, border security, immigration enforcement, cybersecurity, and disaster recovery.
Currently the DHS is in the middle of a funding fight between Republican GOP and the Obama Administration closely resembling a parental custody battle.
Senator Coburn commented, "One of the biggest challenges that Sec. Johnson and DHS face is Congress and its dysfunctional approach to setting priorities for the Department. Congress needs to work with the Department to refocus its missions on national priorities and give Secretary Johnson the authority to lead and fix the Department."
Unfortunately, the current spotlight on the DHS focuses on the issue of immigration and border security -- not the terrifying revelations in Senator Coburn's report.