Too Close for Comfort

Locale of DHS Data Center Questioned
Too Close for Comfort
Securing government IT systems isn't just about passwords, hacking, viruses or firewalls. It can be physical, too.

In a just-issued report that lauded some of its initiatives to strengthen disaster recovery at the Department of Homeland, the DHS inspector general says the department didn't adequately assess the risk of having one of its data centers two miles from a NASA rocket test site in Mississippi.

The data center was built on the site of a former munitions assembly plant, which the IG suggests could result in possible environmental contamination.

A DHS assessment of the data center site failed to note whether the facility would be assessable in the event of a catastrophic rocket engine test failure, as well as the risk posed by acoustical vibrations associated with normal engine tests even though the facility is within a 125,000-acre acoustical buffer zone, the IG says.

The assessment also did not address the risk associated with operating at a site where the military once manufactured howitzer shells. "Risks associated with working in a former munitions facility, such as lead contamination or unexploded munitions, should be quantified to ensure the safety of staff and their ability to operate the facility," the IG says.

The data center, about 45 miles east of New Orleans just across the Louisiana-Mississippi line, is situated about 20 miles from the Gulf of Mexico. The IG calls on Homeland Security to develop plans to address potential impacts from hurricanes that could prevent employees from accessing the site or operating the facility because of flooding and power failures.

The IG report also faults DHS for not connecting the Mississippi data center with another departmental data center in Virginia to ensure backup capabilities for each other. "Without the necessary connectivity between the two data centers," the IG says, "DHS might not be able to backup and restore mission critical systems within users' required time frames."

Not all of the IG's observations were critical.

"Generally, the department has made progress in establishing an enterprise-wide disaster recovery program," the IG says. "Specifically, the department has allocated funds for this program since fiscal year 2005, and by August 2008 had established two new data centers. Further, the department now includes contingency planning as part of the system authorization process and it has issued guidance to ensure that contingency planning documentation conforms to government standards ... (still) more work is needed."

About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.