From: AllVoices.com
By PJesep
The Office of Inspector General (IG) for the US Department of State (DOS) issued this week a scathing audit blasting the Bureau of Information Resource Management, Office of Information Assurance (IRM/OI), which was created to “address the information security requirements” outlined in the E-Government Act of 2002. The report highlights another example of waste, redundancy and a federal bureaucracy needing greater oversight.
According to the report, “IRM/IA is responsible for the department’s cyber security program; information assurance policies, standards and guidelines; and compliance with national security directives…The response of IRM/IA to these evolving requirements is critical to the department’s information security posture.”
The IG’s findings indicate serious problems undermining IRM/IA’s ability to fulfill its statutory duties. One of the recommendations included something as basic and fundamental as developing a strategic plan and mission statement.
In the past seven years, regulations remain for the most part outdated, despite the rapid changes in technology and the ongoing efforts to confront terrorism. In cases where there are regulatory changes, they are done, according to the report, “with little coordination and collaboration with other offices within the department that play a role in formation security functions.”
It has mishandled the certification and accreditation process to such an extent it has “contributed to expired authorizations to operate 52 of the department’s 309 systems.”
The IG also found the agency lacked “adequate management controls and procedures to monitor its contracts, task orders and blanket purchase agreements, which have an approximate value of $79 million.” This included “not overseeing contracts effectively. Responsibilities…are assigned to individuals without the technical expertise to review the work …”
There were 32 formal recommendations in the report and another four informal recommendations. The informal recommendations noted the obvious because the obvious required stating like “develop an information packet for incoming personnel.”
Perhaps the most damning conclusion in the report: “The current workload of IRM/IA does not justify its organizational structure, resources, or status as an IRM directorate.” One interpretation of such a cryptic finding is to get rid of the IRM/IA.
Ironically, tracking and developing profiles on Americans using their purchases, license plates numbers and telephone numbers dialed and received has a better chance at combating terrorism than overhauling an inept, bloated, unresponsive bureaucracy.
In addition, before someone calls for higher taxes for anyone, rich, middle class, or working poor, for a new program or preventing cuts in services for a program, there should be serious consideration about re-allocating existing resources. Let’s start with how the money now spent on IRM/IA can be bettered used.
Paul Jesep is a policy analyst, corporate chaplain, and author of “Lost Sense of Self & the Ethics Crisis: Learn to Live and Work Ethically”.
PJesep is based in Schenectady, New York, United States of America, and is an Anchor for Allvoices.
Leave a Reply