ImmigrationDigital immigration system lacks protection against insider threats

Published 2 March 2011

A recent DHS Inspector General report found that the department lacks an effective strategy to protect its automated immigration system from insider threats; the investigation found that the department had not taken adequate security measures to secure paperwork sparking fears that terrorists could manipulate the forms to enter the country; the report was released on the same day that the FBI arrested a Saudi Arabian citizen legally in the United States for planning an explosive chemical attack in Texas; USCIS has not yet offered its plans to deal with the program’s vulnerability.

A recent DHS Inspector General report found that the department lacks an effective strategy to protect its automated immigration system from insider threats.

DHS is currently undertaking a $2.4 billion effort to digitize the U.S Citizenship and Immigration Services’ (USCIS) current paper based systems for processing visas and other documents. The new will help improve customer service, detect fraud, and automate work flow.

The program, dubbed Transformation, has been delayed for almost a decade and has exceeded its initial cost estimate by nearly two billion dollars.

 

The recent Inspector General investigation found that the department had not taken adequate security measures to secure paperwork, sparking fears that terrorists could manipulate the forms to enter the country.

The report was released on the same day that the FBI arrested a Saudi Arabian citizen legally in the United States for planning an explosive chemical attack in Texas.

The report stated that “Insiders at USCIS have perpetrated fraud in the past,” and that “USCIS insiders are capable of granting legal residency or citizenship status to someone who poses a national security risk to the United States.”

Frank Deffer, the assistant Inspector General for information technology audits, said that the project’s vulnerability to insider threats was one of the “most prevalent, high impact areas of concern” for the program.

Deffer found that based on a “review of the requirements for fraud detection and national security issues, it appears there are no requirements to address insider threats.”

To address this gap in security, the report recommended that “USCIS should incorporate comprehensive insider threat risk mitigation requirements into the Transformation effort.”

In response to the report, Lauren Kielsmeier, the acting deputy director of USCIS, said the agency agreed with the findings and found the report useful in moving forward.

USCIS has not yet offered its plans to deal with the program’s vulnerability.

The DHS Inspector General’s office said, “USCIS did not provide information on how it intends to address our recommendations. Therefore we consider our recommendations unresolved and open pending our review of USCIS’ corrective action plans.”