The U.S. Department of Homeland Security failed to meet user needs or to conduct enough security testing by rushing development of a secure network for sensitive data, according to a report by the DHS inspector general.
The Homeland Secure Data Network (HSDN) aims to bring together disparate classified networks into a single integrated network for sharing top secret data among DHS intelligence-gathering units and other government agencies involved in homeland security.
According to the IG report, DHS officials believed the Department of Defense (DOD) planned to terminate DHS' access to the DOD secure network by last December.
Consequently, the DHS CIO set a rapid nine-month timeframe for implementing HSDN, which rushed the methods for making sure functional and security needs of users at the 600 sites would be met, the IG wrote.
"Further, security implementation requirements and essential testing had not been completed one month prior to deployment," the IG reported. "Without completing and documenting these activities in sufficient time for review and adjustment to eliminate or mitigate risk, DHS does not have assurance that HSDN complies with security standards and practices."
The IG recommended that DHS ensure users are involved in the process of defining requirements for HSDN and also verify that all documents, such as certification through security control testing, are completed prior to system deployment. DHS agreed with the recommendations.
Northrop Grumman has been hired to design, develop and implement HSDN using functional and security requirements from DHS.