Quake Monitoring Systems Not Critical?
Wouldn't systems that monitor earthquakes and provide knowledge for reducing deaths, injuries and property damage from tremors as well as those that furnish scientific information on environmental contaminations be considered critical to human safety?
You'd think the United States Geological Service would; they're responsible for these systems. Yet, it seems, USGS officials think not, according to the latest inspector general's audit on Federal Information Security Management Act compliance by the Interior Department, where the USGS is based.
Here are three USGS programs supported by IT systems the Interior IG deems critical:
- Global Seismic Networks: Contains 128 seismographic stations in more than 80 countries on all continents; provides coverage for earthquake monitoring, worldwide reporting and research; monitors nuclear explosions worldwide.
- Earthquake Hazards Program: Provides and applies relevant earthquake science information and knowledge for reducing deaths, injuries, and property damage from earthquakes through understanding of their characteristics and effects and by providing the information and knowledge needed to mitigate these losses.
- Toxic Substances Hydrology Program: Provides objective scientific information on environmental contamination to improve characterization and management of contaminated sites, to protect human and environmental health, and to reduce potential future contamination problems.
Under FISMA, the more critical an IT system is deemed, the more security controls it requires. Said the IG in its FISMA report:
"Having a moderate rather than a high system categorization artificially lowers the reported risk. By categorizing a system as moderate impact rather than high impact, federal guidance allowed USGS to implement 67 fewer IT security controls.
The documentation on the systems USGS provided the IG to justify the lowering of the categorization to moderate from high included the following explanation:
"No written formal agreements have been established with external organizations where USGS information is legally required to protect human lives or directly provide for national security."
Translation: Heck, ain't our job to protect people and property.