2IÀFHRI,QVSHFWRU*HQHUDO

Transcription

1 2IÀFHRI,QVSHFWRU*HQHUDO Enhancements in Technical Controls and Training Can Improve the Security of CBP s Trusted Traveler Programs OIG September 2014

2 Washington, DC / September 10, 2014 MEMORANDUM FOR: FROM: SUBJECT: Charles R. Armstrong Assistant Commissioner and Chief Information Officer U.S. Customs and Border Protection Richard Harsche Acting Assistant Inspector General Office of Information Technology Audits Enhancements in Technical Controls and Training Can Improve the Security of CBP s Trusted Traveler Programs Attached for your information is our final report, Enhancements in Technical Controls and Training Can Improve the Security of CBP s Trusted Traveler Programs. We incorporated the formal comments from the U.S. Customs and Border Protection in the final report. The report contains two recommendations aimed at improving CBP s use of radio frequency identification technology in their Trusted Traveler Programs. Your office concurred with two recommendations. As prescribed by the Department of Homeland Security Directive , Follow Up and Resolutions for Office of Inspector General Report Recommendations, within 90 days of the date of this memorandum, please provide our office with a written response that includes your (1) agreement or disagreement, (2) corrective action plan, and (3) target completion date for each recommendation. Also, please include responsible parties and any other supporting documentation necessary to inform us about the current status of the recommendation. Based on information provided in management s response to the draft report, we consider both recommendations to be open and resolved. Once your office has fully implemented the recommendations, please submit a formal closeout request to us within 30 days so that we may close the recommendations. The request should be accompanied by evidence of completion of agreed upon corrective actions. Please a signed PDF copy of all responses and closeout requests to OIGITAuditsFollowup@oig.dhs.gov. Until your response is received and evaluated, the recommendations will be considered open and unresolved. Consistent with our responsibility under the Inspector General Act, we will provide copies of our report to appropriate congressional committees with oversight and

3 appropriation responsibility over the. We will post the report on our website for public dissemination. Please call me with any questions, or your staff may contact Chiu Tong Tsang, Director, Information Security Audit Division, at (202) Attachment 2 OIG

4 TableofContents ExecutiveSummary...1 Background...2 ResultsofAudit...4 ImprovementsNeededonSystemSecurityControls...6 Recommendation...8 ManagementCommentsandOIGAnalysis...8 SpecializedTrainingNeededtoEnsureSensitiveTTPDataisSecured.. 8 Recommendation...9 ManagementCommentsandOIGAnalysis 10 Appendixes AppendixA:Objectives,Scope,andMethodology...11 AppendixB:ManagementCommentstotheDraftReport...13 AppendixC:MajorContributorstoThisReport...15 AppendixD:ReportDistribution...16 Abbreviations CBP U.S.CustomsandBorderProtection DHS DepartmentofHomelandSecurity FAST FreeAccessandSecureTrade PII personallyidentifiableinformation RFID RadioFrequencyIdentification SENTRI SecureElectronicNetworkforTravelersRapidInspection TTP TrustedTravelerPrograms OIGͲ14Ͳ139

5 ExecutiveSummary TheUnitedStatesCustomsandBorderProtection(CBP)employsradiofrequency identificationtechnologyinitstrustedtravelerprogramstoallowpreͳscreened travelersexpeditedprocessingatdesignatedportsofentry.radiofrequency identificationisaformofautomaticidentificationanddatacapturetechnologythat usesradiofrequenciestotransmitinformation.theflexibilityandportabilityofradio frequencyidentificationtechnologyhasintroducednewsecurityriskstoagency systems,suchascloningofanidentificationtagandthesecurityofthedatabasethat storespersonaldata.withouteffectivesecuritycontrolsandproceduresoverthis technologyanditssupportinginfrastructure,unauthorizedindividualscouldmodify identificationtagcontentoraccesssensitivedatastoredinthesystemdatabases. OuroverallobjectivewastodeterminewhetherCBPhaseffectivelymanagedthe implementationofradiofrequencyidentificationtechnology.inaddition,we determinedwhetherthecomponenthadimplementedeffectivecontrolstocomplywith DHSinformationsecurityprogramrequirements. CBPimplementedeffectivephysicalcontrolsoverthereadersandcomputerequipment supportingthetrustedtravelersystemsattheportsofentryvisited.also,cbp implementedeffectivecontrolsontheserversanddatabasethatsupportthetrusted TravelerPrograms.Further,CBPhadsecuredthepersonalinformationcollectedunder thecomponent strustedtravelerprogramsandminimizedtheriskofusingtheradio frequencyidentificationtechnologybyrestrictinginformationstoredonthetrusted travelercards. However,CBPcanmakefurtherimprovementsbyimplementingtherequiredsecurity settingsonthesystemthatsupportsitstrustedtravelerprograms.also,administrators thatmanagethesystemmustreceivespecializedtrainingannuallytoensurethatthey havetheskillsnecessarytosecurethedatacollectedunderthetrustedtraveler Programs. WearemakingtworecommendationstotheAssistantCommissionerandChief InformationOfficertoimprovethesecurityofitssystemsthatsupporttheTrusted TravelerPrograms.CBPconcurredwithallrecommendationsandhasbeguntotake actionstoimplementthem.cbp sresponsesaresummarizedandevaluatedinthebody ofthisreportandincluded,intheirentirety,asappendixb. 1 OIGͲ14Ͳ139

6 Background RadioFrequencyIdentification(RFID)isaformofautomaticidentificationanddata capturetechnologythatusesradiofrequenciestotransmitinformation.rfidtagsare affixedorembeddedtoitemstoprovideidentification.thetaghasauniqueidentifier thatcanholdadditionalinformation.devicesknownasrfidreaderscommunicate wirelesslywiththetagstoidentifytheitemsconnectedtoeachtagandreadorupdate additionalinformationstoredonthetag.thesystemoftagsandreadersisoften supportedbyservers,databases,andworkstations.figure1showsthecomponentsof anrfidsystem,includingatag,reader,anddatabase. RFIDTag RFIDReader Database Figure1.ComponentsofanRFIDsystem Tagsneedpowertoperformfunctions,suchassendingradiosignalstoareader,storing andretrievingdata,andperformingothercomputations.thefourtypesoftagsinclude: x Activetagshaveaninternalpowersourceandcantransmitoveragreater distance. x SemiͲactivetagsremaindormantuntiltheyreceiveasignalfromthereaderto activate. x Passivetagsdonotuseaseparateorexternalpowersource,butinsteadobtain operatingpowerfromthetagreader.passivetagsaretypicallycheaper,smaller, andlighterthanothertypesoftags. x SemiͲpassivetagsuseaninternalpowersourcetomonitorenvironmental conditionsandrequireradiofrequencyenergytransferredfromthereaderto poweratag sresponse. TheflexibilityandportabilityofRFIDtechnologyhasintroducednewsecurityrisksto agencysystems,suchascloningofanrfidtagandthesecurityofthedatabasethat 2 OIGͲ14Ͳ139

7 storespersonaldata. 1 Withouteffectivesecuritycontrolsandproceduresoverthis technologyanditssupportinginfrastructure,unauthorizedindividualscouldmodifytag contentoraccesssensitivedatastoredinthesystemdatabases. CBPemploysRFIDtechnologyaspartofitsTrustedTravelerPrograms(TTP)toallow preͳscreenedtravelersexpeditedprocessingatdesignatedportsofentry.cbpattaches anrfidtagineachttpcard.travelerswhowishtoparticipateinttpvoluntarilysubmit personallyidentifiableinformation(pii)throughawebͳbasedapplicationsystemcbp usestohandlettp senrollmentandvettingprocesses.cbpstoresapplicants data(e.g., biographicdata,facialphotographs,andbackgroundinvestigationresults)inadatabase. Attheborder,RFIDreadersscantheTTPcardsandusetheuniquenumberembeddedin eachcardtoretrievethetraveler sdatathroughanencryptednetwork.thecbpofficer usesthetraveler sinformationdisplayedonamonitortoauthenticatethetraveler s identity.cbpemploysrfidtechnologyinthefollowingthreesubprogramswithinttp: FreeAccessandSecureTrade(FAST) FASTisavailableforcommercialtruckdrivers,whohavecompletedfavorable backgroundchecksandfulfillcertaineligibilityrequirements,at17landportsofentry onthenorthernborderand17onthesouthernborderthatservecommercialcargo. ThemajorityofdedicatedFASTlanesarelocatedalongthenorthernborderportsin Michigan,NewYork,andWashington,andatsouthernborderportsfromCaliforniato Texas.AsofSeptember2013,therewereapproximately86,000driversapprovedfor thisprogram.figure2showsafastttpcard. Figure2.FASTTTPcard NEXUS NEXUSisavailableforpreͲapproved,lowͲrisktravelersbetweentheU.S.andCanadavia theair,land,orseaenvironments.asofseptember2013,therewereapproximately 250,000travelersenrolledinNEXUS. 1 CloningistheillegitimateduplicationoftheinformationstoredintheRFIDtagportionoftheRFIDenabledcard. 3 OIGͲ14Ͳ139

8 SecureElectronicNetworkforTravelersRapidInspection(SENTRI) SENTRIisavailableforpreͲapproved,lowͲrisktravelersalongthesouthernlandborder. SENTRIisavailableforbothvehicleandpedestrianbordercrossers.Eachofthe participatingportshasdesignatedvehicleandpedestrianlanesforsentricardholders. VehiclesmustbepreͲinspected,registered,andissuedwithawindshielddecalfor bordercrossings.asofseptember2013,therewereapproximately91,000travelers enrolledinsentri.figure3showssentrirfidreadingequipmentandassociated borderlanes. Figure3.SENTRIRFIDreadingequipmentandborderlanes InMay2006,wereportedthatCBPhadnotimplementedeffectivecontrolstoprotect criticaldataprocessedbyitstrustedtravelersystems.inaddition,cbphadnot developedadequatepoliciesandprocedurestoensurethatsecuritycontrolswere implementedconsistentlybyallportsofentrytoprotectthetrustedtravelersystems. Lastly,CBPhadnotensuredthatitstrustedtravelersystemsfullycompliedwithall FederalInformationSecurityManagementActrequirements. 2 ResultsofAudit UsingRFIDToExpediteBorderCrossings CBPhasexpeditedbordercrossingsbyusingRFIDtechnologyforregisteredtravelers enrolledinthettp.inaddition,cbpmaintainstheintegrityofthettpthrougha stringentscreeningprocessthatincludesautomatedsearchesagainstmultiplelaw enforcementdatabases,24ͳhoursystemcheckstoverifystatusofenrolledtravelers, andrandomselectionsofregisteredtravelersforsecondaryinspection.further,cbp developedattphandbookthatincludesproceduresforinspectingtravelersattheports 2 CBP strustedtravelersystemsusingrfidtechnologyrequireenhancedsecurity(oigͳ06ͳ36,may2006). 4 OIGͲ14Ͳ139

9 ofentryandpoliciesforenrollingtravelersintothettp.toreducetheriskoftheftof PII,CBPstoresauniqueidentificationnumberembeddedinTTPcardsandlocksthe RFIDmemorychiptopreventmodificationofstoreddata. CBPhastakenthefollowingactionstocreateanenvironmentandinfrastructure necessarytoenhancelegitimatetradeandtravel: x Implementedeffectivephysicalcontrolsoverthereadersandcomputer equipmentsupportingthetrustedtravelersystemsattheportsofentryvisited. Specifically,wenotedthatreaderswereprotectedfromunauthorizedaccessina lockedboxandsupportinginformationtechnologyinfrastructure (i.e.,accesstothedatabaseandservers)arelocatedwithinagated,restricted accessfacility. x Establishedatestenvironmentthatsimulateslandborderinboundand outboundinspectionoperationstotestnewandexistingapplicationsatcbp s governmenttestlanefacility. PatchProgramSupportingtheTTP CBPhasimplementedaprogramtoapplysecuritypatchesontheserversanddatabases thatsupportthettp. 3 CBPhasdevelopedpoliciesandprocedurestooutlineitspatching andchangecontrolprocessestoapplychangestothesysteminacontrolledand coordinatedmanner.additionally,cbphasinstitutedavulnerabilityassessmentteam toconductsecurityassessmentsmonthlytoidentifymissingpatchesonitssystems. Lastly,CBPhascreatedtestingenvironmentstoobservetheeffectsofsecuritypatches priortodeployingtoproductionsystems. RFIDTagSecurity WeusedacommerciallyavailableRFIDtagreadertoaccesstheinformationstoredon TTPcardsatselectedportsofentryalongthenorthernandsouthernbordersand evaluatedtheeffectivenessofsecuritycontrolsimplementedonttpcards.we simulatedthesameprocessusedbycbp srfidreaderandattemptedtorecordttp enrollees informationwithourownreader,asthetravelersenteredthelanes.we verifiedthatcbpdidnotstoreanypiionthettpcardsandonlytheunique identificationnumberwaspresent.intheeventthatanattackerobtainedthis informationtoproduceaduplicatecard,cbpofficerscanminimizethethreatby 3 Asecuritypatchisanupdatedesignedtofixvulnerabilitiesinapplicationsoroperatingsystems. 5 OIGͲ14Ͳ139

10 verifyingthetravelers PIIandpicturepresentedontheirterminal.Weperformed testingateightportsofentry,withdifferentlanetypes,todetermineifcbpconsistently implementedtherfidtechnologyacrossthettp.figure4depictsportsofentryvisited andspecificttpsubprogramspresentattheseports. PortofEntry FAST SENTRI NEXUS RainbowBridge(NewYork) X X WhirlpoolBridge(NewYork) X PeaceBridge(NewYork) X X PeaceArch(Washington) X X PacificHighway(Washington) X X SanYsidro(California) X X Calexico(California) X X OtayMesa(California) X X Figure4.PortsofEntryVisitedandTTPSubprograms WhileCBPhadtakenactionstosecuretravelers PII,includingsafeguardstolessenthe risksofusingrfidtechnology,weidentifieddeficienciesinotherareasofttpthatneed improvements.specifically,weidentifieddeficienciesincbp simplementationof DepartmentofHomelandSecurity s(dhs)baselineconfigurationsettings,and personneloverseeingttpsystemshavenotreceivedtherequiredspecializedtraining annually. 4 ImprovementsNeededonSystemSecurityControls CBPhadnotimplementedalltherequiredDHSsecurityconfigurationsettingson itswindowsandoracleͳlinuxservers,whichmayallowunauthorizedindividuals togainaccesstosensitivedatausedtosupportthettp. 5 Toassessthe effectivenessofcontrolsimplementedonttpserversanddatabase,we interviewedselectedinformationtechnologyandprogrammanagement personnel.inaddition,wereviewedtheconfigurationsettingsonselected serversforcompliancewithapplicabledhsbaselineconfigurationguidance.we alsoreviewedtheconfigurationsettingsontheoracledatabasethatstoresthe PIIusedtoverifytravelerrecords. DHSestablishedbaselineconfigurationsettingsthatprovidetheguidelinesand parametersforensuringaminimumbaselineofsecuritywheninstallingor 4 Baselineconfigurationsettingsprovidesystemanddatabaseadministratorswithproceduresthatwillensurea minimumbaselineofsecurityintheinstallationandconfigurationofthehardwareandsoftware. 5 OracleͲLinuxistheserveroperatingsystemthatisusedtohostthedatabasetostoretraveler spii. 6 OIGͲ14Ͳ139

11 configuringoperatingsystems.theguidelinesincludecontrolsforuseraccess, passwordmanagement,auditing,andservices.thesesettingshelpsecurethe confidentiality,integrity,andavailabilityoftheinformationandsystem. TheresultsofourauditrevealedthatCBPhadimplemented85percentofthe selectedsecuritycontrolsoutlinedinthedhsbaselineconfigurationguidance fororacledatabases.cbpmanagementhadeitherobtainedawaiverfromdhs nottoimplementthesettingsordocumentedtheconfigurationmanagement deviationsweidentifiedinplansofactionandmilestones. 6 However,we identifiedthefollowingconfigurationsettingdeficienciesthatmaybeexploited onthewindowsandoracleͳlinuxserversifnotaddressedtimely: x MinimumpasswordageonWindowsandOracleͲLinuxserverswassetto permituserstochangetheirpasswordmorefrequentlythanrequired, whichmayallowtheusertochangetoafavoritepasswordquicker.this wouldallowausertouseafavoritepasswordrepeatedlyandforalonger periodoftime,whichincreasesthepossibilityofcompromised passwords.dhsrequiresthepasswordagebesetforaminimumof7 daysonlinuxservers,and1dayforwindowsservers.accordingtothe Windowsadministrators,thedeviationisessentialforpassword managementandcbphasimplementedpasswordhistorytoprevent usersfromreusingoldpasswords. 7 x Theaudittrailwassettorecordonlyunsuccessfulsystemevents(e.g., systemshutdown,timechanged).recordingthecorrecttypeofsystem eventisimportanttoreconstructsecurityincidents.dhsrequiresonly successfulsystemeventsberecorded. x x DHSrequirestheuseofWindowsNTLANManagerversion2,to authenticatetheidentityofusersandothersystems.however,cbpused anolderandlesssecureversionofauthenticationprotocol. DHSprohibitstheuseofanunrestricteduseraccount(i.e.,root)tolog intosystemsthroughanencryptedconnection.whentherootaccountis sharedbetweendifferentadministratorsactionstakenthroughan encryptedconnection,suchasmodificationoffiles,cannotbetracked. 6 Aplanofactionandmilestoneisatoolidentifyingtasksthatneedtobeaccomplished. 7 Passwordhistorysetshowfrequentlyoldpasswordscanbereused.Thissettingcanbeusedtodiscourageusers fromchangingbackandforthbetweenasetofcommonpasswords. 7 OIGͲ14Ͳ139

12 CBPconfigureditsLinuxoperatingsystemstoallowrootuserstologinon encryptedconnections. Withoutimplementingtherequiredconfigurationsettings,CBPcannotensure thatthesystemthatsupportsitsttpissecuredandprotectedfrom unauthorizedaccess.further,rfidsystemsoperatingwithouttherequired configurationsettingsincreasesthepossibilitythatmalicioususerscan circumventthesecuritycontrolsprotectingcbpsystems. Recommendation WerecommendthattheAssistantCommissionerandChiefInformationOfficer: Recommendation#1: ImplementtherequiredDHSsensitivesystemsconfigurationsettingson WindowsandOracleͲLinuxserversthatsupporttheTTPoraccepttheriskby documentingthedeviationsinthesystemsecurityplan. ManagementCommentsandOIGAnalysis CBPconcurredwithrecommendation1.CBPwillevaluatethecurrentsettingson WindowsandLinuxanddeterminetheneedtoimplementtherequiredsettings. CBPestimatesthecorrectiveactionswillbecompletedbyFebruary28,2015. WeagreethatthestepsCBPistaking,andplanstotake,begintosatisfythis recommendation.thisrecommendationwillremainopenandresolveduntilcbp providessupportingdocumentationthatallplannedcorrectiveactionsare completed. SpecializedTrainingNeededToEnsureSensitiveTTPDataisSecured Theadministrators,whoareresponsibleformanagingtheglobalenrollment systemanditssubsystems,havenotreceivedtherequiredspecializedtraining withinthepastyear.sincetheglobalenrollmentsystemholdsttpparticipants PII,itiscriticalthatadministratorsobtaintherequiredtrainingtoproperly securethedata.ourauditoftrainingrecordsfor14technicalpersonnel (e.g.,informationsystemssecurityofficers,systemadministrators)revealed thatwhileallhadtakentherequireddhssecurityawarenessandprivacy 8 OIGͲ14Ͳ139

13 awarenesstraining,only2hadtakenspecializedtrainingwithintherequired timeframe. DHSrequiresthatpersonnel,contractors,andothersworkingonbehalfofDHS withsignificantsecurityresponsibilitiesshallreceiveinitialspecializedtraining andthereafterrefreshertrainingannuallyspecifictotheirsecurity responsibilities.cbpmustprovideseniormanagers,systemowners,and informationtechnologyprojectmanagersspecializedsecurityͳrelatedtraining. DuetoalackoffundingandtheDepartment sdiscontinuationofthespecialized, technicaltrainingcourses,cbpcouldnotsenditspersonnelwithsignificant responsibilitiestotraining,suchasthedhsinfosecintroductoryinformation SystemSecurityOfficerandtheDHSINFOSECSystemAdministratorcourses.CBP officialstoldusthatdhshadnotdevelopedanynewtechnicaltrainingto replacediscontinuedcoursesandtherewerenoindicationstodoso.further, CBPdoesnothavesufficientresourcestoprovidethesecoursesbutwill continuetoaccessthetechnicaltrainingavailablewithinthecbpvirtual LearningCenteranddevelopreplacementtrainingcourses. Withoutspecializedtraining,technicalpersonnelmaynotpossesstheskills necessarytoperformtheirassignedsecurityresponsibilitiestosafeguardpii data.specializedtrainingisofparticularimportancetothosewithaccesstothe globalenrollmentsystembecausethissystemcontainspiiusedinthe productionofttpcards. Recommendation WerecommendthattheAssistantCommissionerandChiefInformationOfficer: Recommendation#2: Providetechnicalstaffwiththerequiredspecializedtrainingsandskillsnecessary toproperlysecuretheglobalenrollmentsystemandthesensitiveinformation residingwithinthesystem. CBPconcurredwithrecommendation2.CBPplanstoaugmentitsroleͲbased securityprogramoverthenextseveralmonthstoincludeadditionalcoursesby March31, OIGͲ14Ͳ139

14 ManagementCommentsandOIGAnalysis WeagreethatthestepsCBPistaking,andplanstotake,begintosatisfythis recommendation.thisrecommendationwillremainopenandresolveduntilcbp providessupportingdocumentationthatallplannedcorrectiveactionsare completed OIGͲ14Ͳ139

15 AppendixA Objectives,Scope,andMethodology TheDepartmentofHomelandSecurityOfficeofInspectorGeneralwasestablishedby thehomelandsecurityactof2002(publiclaw107о296)byamendmenttothe InspectorGeneralActof1978.Thisisoneofaseriesofaudit,inspection,andspecial reportspreparedaspartofouroversightresponsibilitiestopromoteeconomy, efficiency,andeffectivenesswithinthedepartment. TheobjectiveofourauditwastodeterminewhetherCBPhaseffectivelymanagedthe implementationofrfidtechnology.specifically,wedeterminedwhethercbphas accomplishedthefollowing: x x x x Developedadequatepoliciesandprocedurestoensuretheconfidentiality, integrity,andavailabilityofdatacontainedonrfidtags,readers,and databases. ImplementedeffectivesecuritycontrolsonitsRFIDdevicestoprotectthe sensitivedatacollected,processed,andgenerated. DevelopedeffectivepoliciesandprocedurestoprotectthePIIcollectedbyand storedontherfidsystem. CompliedwithapplicableDHSinformationsecurityprogramrequirementson RFIDsystems. OurauditfocusedonCBP suseandmanagementofrfidtechnologyforlandborder managementincompliancewithapplicablecriteriaandrequirementsoutlinedinthe DHS4300ASensitiveSystemsHandbook(July2012),DHS4300ASensitiveSystemsPolicy (May2013),DHSHandbookforSafeguardingSensitivePersonallyIdentifiable Information(March2012),DHSBaselineConfigurationGuidance,andNationalInstitute ofstandardsandtechnologyspecialpublication800ͳ98,guidelinesforsecuringrfid Systems(April2007),andSpecialPublication800Ͳ53,SecurityandPrivacyControlsfor FederalInformationSystemsandOrganizations(April2013).Weinterviewedselected programofficialsandtechnicalstafftodiscussthettp,technicaltesting,andany privacyincidentsinvolvingrfid. Weconductedourworkattheprogramlevelandvisitedlandbordercrossingsin Buffalo,NewYork,andBlaineandLynden,Washington,ontheNorthernborder,and Calexico,OtayMesa,andSanYsidro,California,ontheSouthernborder.Wevisitedthe 11 OIGͲ14Ͳ139

16 GovernmentTestLaneFacilityinVirginiatoobtainanoverviewoftheRFIDlanesand testourequipment.weperformedtechnicaltestingtochecksecuritycontrols,identify knownsecurityvulnerabilities,andevaluatewhethercbpconfiguresitsrfiddevicesin accordancewithapplicablepoliciesandstandards.weconductedvulnerability assessmentsandanalysisusingtenablenessusandapplicationdetectiveonsupporting serversanddatabasesthatsupportthettp. WeconductedthisperformanceauditbetweenNovember2013andMarch2014 pursuanttotheinspectorgeneralactof1978,asamended,andaccordingtogenerally acceptedgovernmentauditingstandards.thosestandardsrequirethatweplanand performtheaudittoobtainsufficient,appropriateevidencetoprovideareasonable basisforourfindingsandconclusionsbaseduponourauditobjectives.webelievethat theevidenceobtainedprovidesareasonablebasisforourfindingsandconclusions baseduponourauditobjectives OIGͲ14Ͳ139

17 AppendixB ManagementCommentstotheDraftReport 13 OIGͲ14Ͳ139

18 14 OIGͲ14Ͳ139

19 AppendixC MajorContributorstoThisReport ChiuͲTongTsang,Director TarshaCary,AuditManager ShannonE.Frenyea,SeniorProgramAnalyst ThomasRohrback,SeniorITSpecialist MeganRyno,ProgramAnalyst Referencer,PhilipGreene 15 OIGͲ14Ͳ139

20 AppendixD ReportDistribution DepartmentofHomeland Secretary DeputySecretary ChiefofStaff DeputyChiefofStaff GeneralCounsel ExecutiveSecretary Director,GAO/OIGLiaisonOffice AssistantSecretaryforOfficeofPolicy AssistantSecretaryforOfficeofPublicAffairs AssistantSecretaryforOfficeofLegislativeAffairs CBPAuditLiaison ChiefPrivacyOfficer Commissioner,CBP AssistantCommissionerandChiefInformationOfficer,CBP ChiefInformationSecurityOfficer,CBP AssistantCommissioner,OfficeofFieldOperations,CBP OfficeofManagementandBudget Chief,HomelandSecurityBranch DHSOIGBudgetExaminer Congress CongressionalOversightandAppropriationsCommittees,asappropriate 16 OIGͲ14Ͳ139

21 ADDITIONAL INFORMATION To view this and any of our other reports, please visit our website at: For further information or questions, please contact Office of Inspector General (OIG) Office of Public Affairs at: or follow us on Twitter OIG HOTLINE To expedite the reporting of alleged fraud, waste, abuse or mismanagement, or any other kinds of criminal or noncriminal misconduct relative to Department of Homeland Security (DHS) programs and operations, please visit our website at and click on the red tab titled "Hotline" to report. You will be directed to complete and submit an automated DHS OIG Investigative Referral Submission Form. Submission through our website ensures that your complaint will be promptly received and reviewed by DHS OIG. Should you be unable to access our website, you may submit your complaint in writing to: Office of Inspector General, Mail Stop 0305 Attention: Office of Investigations Hotline 245 Murray Drive, SW Washington, DC You may also call 1(800) or fax the complaint directly to us at (202) The OIG seeks to protect the identity of each writer and caller.