An audit by the Department of Homeland Security’s Office of Inspector General (OIG) revealed significant risks within the learning management systems used by the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Law Enforcement Training Centers (FLETC). The audit found that both agencies employed a contractor, referred to as Contractor A, who was identified as having poor cybersecurity practices. Despite this, CISA and FLETC have not taken adequate steps to address the deficiencies.
The OIG issued a management alert urging CISA and FLETC to take immediate action to mitigate the risks posed by Contractor A’s involvement. The unaddressed control deficiencies could expose sensitive personally identifiable information (PII) and law enforcement training data to potential compromise.
The findings highlight a broader concern about the security of critical information within DHS’s systems, especially given the sensitive nature of the data handled by CISA and FLETC. The alert underscores the need for these agencies to reassess their reliance on high-risk contractors and to prioritize the protection of sensitive information.
The ongoing audit emphasizes the importance of strengthening cybersecurity practices across DHS to safeguard operations, assets, and individual privacy. Without prompt action, the vulnerabilities identified could lead to significant security breaches, compromising not only the data but also the effectiveness of the agencies involved.
