Cybersecurity
- Report NumberOIG-22-06Issue DateDocument FileDHS AgencyOversight AreaFiscal Year2022
DHS Has Secured the Nation's Election Systems, but Work Remains to Protect the Infrastructure
Report NumberOIG-21-01Issue DateDocument FileDHS AgencyOversight AreaFiscal Year2021Evaluation of DHS' Information Security Program for Fiscal Year 2019
Report NumberOIG-20-77Issue DateDocument FileDHS AgencyOversight AreaFiscal Year2020DHS Made Limited Progress to Improve Information Sharing under the Cybersecurity Act in Calendar Years 2017 and 2018
Executive SummaryThe Cybersecurity and Infrastructure Security Agency (CISA) increased the number of Automated Indicator Sharing (AIS) participants as well as the volume of cyber threat indicators it has shared since the program’s inception in 2016. However, CISA made limited progress in improving the overall quality of information it shares with AIS participants to effectively reduce cyber threats and protect against attacks. The lack of progress can be attributed to the limited number of AIS participants sharing cyber indicators with CISA, delays in receiving cyber threat intelligence standards, and insufficient staff. To be more effective, CISA should hire the staff it needs to provide outreach, guidance, and training. We made four recommendations to CISA to enhance the program’s overall effectiveness and cyber threat information sharing. CISA concurred with all four recommendations.
Report NumberOIG-20-74Issue DateDocument FileDHS AgencyOversight AreaFiscal Year2020Former Acting Inspector General for the U.S. Department of Homeland Security Indicted on Theft of Government Property and Scheme to Defraud the United States Government
For Information Contact
Public Affairs (202) 254-4100
For Immediate Release
Download PDF (84.94 KB)A federal grand jury in the District of Columbia returned a 16-count indictment against a former Acting Inspector General for the U.S. Department of Homeland Security (DHS) and a former subordinate for their alleged theft of proprietary software and confidential databases from the U.S. government as part of a scheme to defraud the U.S. government.
Assistant Attorney General Brian A. Benczkowski of the Justice Department’s Criminal Division, U.S. Attorney Timothy J. Shea for the District of Columbia, DHS Inspector General Joseph V. Cuffari and Inspector General Tammy L. Whitcomb for the U.S. Postal Service (USPS) made the announcement.
The indictment charges Charles K. Edwards, 59, of Sandy Spring, Maryland, and Murali Yamazula Venkata, 54, of Aldie, Virginia, with conspiracy to commit theft of government property and to defraud the United States, theft of government property, wire fraud, and aggravated identity theft. The indictment also charges Venkata with destruction of records.
According to the allegations in the indictment, from October 2014 to April 2017, Edwards, Venkata, and others executed a scheme to defraud the U.S. government by stealing confidential and proprietary software from DHS Office of Inspector General (OIG), along with sensitive government databases containing personal identifying information (PII) of DHS and USPS employees, so that Edwards’s company, Delta Business Solutions, could later sell an enhanced version of DHS-OIG’s software to the Office of Inspector General for the U.S. Department of Agriculture at a profit. Although Edwards had left DHS-OIG in December 2013, he continued to leverage his relationship with Venkata and other DHS-OIG employees to steal the software and the sensitive government databases.
The indictment further alleges that, in addition to stealing DHS-OIG’s software and the sensitive government databases, Venkata and others also assisted Edwards by reconfiguring his laptop so that he could properly upload the stolen software and databases, provided troubleshooting support whenever Edwards required it, and helped him build a testing server at his residence with the stolen software and databases, which contained PII. As further part of the alleged scheme, Edwards retained software developers in India for the purpose of developing his commercial alternative of DHS-OIG’s software.
The indictment is the result of an ongoing investigation by DHS-OIG and USPS-OIG and is being prosecuted by Trial Attorney Victor R. Salgado of the Criminal Division’s Public Integrity Section and Assistant U.S. Attorney David B. Kent of the U.S. Attorney’s Office for the District of Columbia.
An indictment is merely an allegation and all defendants are presumed innocent until proven guilty beyond a reasonable doubt in a court of law.
The year 2020 marks the 150th anniversary of the Department of Justice. Learn more about the history of our agency at www.Justice.gov/Celebrating150Years.
TopicDHS AgencyOversight AreaDHS Needs to Improve Cybersecurity Workforce Planning
Report NumberOIG-19-62Issue DateDocument FileDHS AgencyOversight AreaFiscal Year2019Evaluation of DHS' Information Security Program for Fiscal Year 2018
Executive SummaryDHS’ information security program was effective for fiscal year 2018 because the Department earned the targeted maturity rating, “Managed and Measurable” (Level 4) in four of five functions, as compared to last year’s lower overall rating, “Consistently Implemented” (Level 3). We attributed DHS’ progress to improvements in information security risk, configuration management practices, continuous monitoring, and more effective security training. By addressing the remaining deficiencies, DHS can further improve its security program ensuring its systems adequately protect the critical and sensitive data they store and process.
Report NumberOIG-19-60Issue DateDocument FileDHS AgencyOversight AreaKeywordsFiscal Year2019Review of CBP Information Technology System Outage of January 2, 2017 (Redacted)
Report NumberOIG-18-19Issue DateDocument FileDHS AgencyOversight AreaFiscal Year2018(U) Evaluation of DHS' Compliance with Federal Information Security Modernization Act Requirements for Intelligence Systems for Fiscal Year 2018
Executive SummaryWe determined that DHS' information security program for Top Secret/Sensitive Compartmented Information intelligence systems is effective this year as the Department achieved “Level 4 – Managed and Measurable” in three of five cybersecurity functions, based on current reporting instructions for intelligence systems. However, we identified deficiencies in DHS’ overall patch management process and the Cybersecurity and Infrastructure Security Agency’s weakness remediation and security awareness training activities.
We made one recommendation to the Office of Intelligence and Analysis and two recommendations to the Cybersecurity and Infrastructure Security Agency to address the deficiencies identified. DHS concurred with all three recommendations.
Report NumberOIG-19-34-UNSUMIssue DateDocument FileDHS AgencyOversight AreaKeywordsFiscal Year2019Progress Made, But Additional Efforts are Needed to Secure the Election Infrastructure
Executive SummaryPrompted by the suspicious cyber activities on election systems in 2016, Secretary Jeh Johnson designated the election infrastructure as a subsector to one of the Nation’s existing critical sectors. Our audit objective was to evaluate the effectiveness of the Department’s efforts to coordinate with states on securing the Nation’s election infrastructure. DHS has taken some steps to mitigate risks to the Nation’s election infrastructure; however, improved planning, more staff, and clearer guidance could better facilitate the Department’s coordination with state and local officials. Specifically, despite Federal requirements, DHS has not completed the plans and strategies critical to identifying emerging threats and mitigation activities, or established metrics to measure progress in securing the election infrastructure. Senior leadership turnover and insufficient guidance and administrative staff have hindered DHS’ ability to accomplish such planning.
Report NumberOIG-19-24Issue DateDocument FileDHS AgencyOversight AreaKeywordsFiscal Year2019