Homeland Security Archives

Within the next 6 to 12 months, Homeland Security Department officials say they expect to have a long-awaited, instantaneous system for tracking foreigners who have overstayed their visits. Lawmakers have said such a tool is crucial for removing potential terrorists.

In 2002, DHS began to build a comprehensive entry and exit system for collecting biometric data from visitors traveling to the United States but nearly a decade later the exit part still doesn't exist.

Without an exit system, the department has encountered difficulty accurately identifying overstays, according to the Government Accountability Office. DHS estimates there were 36 overstays among the 400 people convicted through international terrorism-related investigations between September 2001 and March 2010. Five of the 19 hijackers on Sept. 11, 2001, were overstays.

Those statistics may change if all goes according to plans that DHS officials outlined at a House hearing this week.

The department is looping together a multitude of databases operated by three DHS components and the intelligence community to more quickly see red flags. Once integrated, the systems maintained by Customs and Border Protection, Immigration and Customs Enforcement and US-VISIT will be able automate previously manual searches and cross-check those findings with law enforcement and intelligence data. In essence, the integrated app will generate an e-dossier on leads, testified John D. Cohen, DHS principal deputy coordinator for counterterrorism.

"Instead of us being reactive," by screening an accumulated list of potential overstays, "CBP and the technologists will be developing essentially a hot sheet," he told members of the House Homeland Security Subcommittee on Border and Maritime Security. It "will essentially create a dashboard available to ICE, on a day to day basis, that will provide them with insights about those public safety and national security risks that are either overstays or existing visa holders."

At first, the application will not be the biometric one envisioned by authorities after 9/11. It will include biographic information and certain fingerprints from travelers entering the United States, and, with advances in research, gradually grow into a robust biometric system. "You have the foundation for a biometric exit capability of the future," Cohen said.

Already, the department has taken steps toward this goal by vetting a backlog of 1.6 million overstays, Cohen said.

In May, DHS officials began by scratching off names of people who had since left the country or changed immigration status. Then, they screened in-house law enforcement and immigration records, as well as intelligence holdings from the National Counterterrorism Center, to winnow the remaining 757,000 people to 2,000 high-risk individuals. Of those, some had died or since become part of an ongoing investigation, leaving several hundred potential leads.

Two months later, all of the previously un-reviewed overstay records had been analyzed from a national security and public safety perspective, Cohen said. ICE currently is pursuing suspects, he added.

"I cannot for one tell you how much better I feel now," said Subcommittee Chairman Candice Miller, R-Mich.

Not so, said GAO.

"If we're going to focus on the national security and public safety folks, which is the thing to start with -- it gives the impression that once you're in the country, you're in. Unless you act out," Richard M. Stana, GAO director for homeland security and justice issues, said at the hearing.

Omar Abdel-Rahman -- an overstay -- had no criminal record before he was arrested for the 1993 World Trade Center bombing, Rep. Michael McCaul, R-Texas, noted.

Foreigners who aspire to work for federal contractors can now use a Spanish-language website to make sure their correct immigration status is on file with the government before their employers are required to do so -- avoiding potential unemployment.

All personnel doing business with the government must pass muster with e-Verify, an online system that U.S. businesses use to check the employment eligibility of new hires. In March, U.S. Citizenship and Immigration Services, an arm of the Homeland Security Department, began offering an English-version of the system - e-Verify Self Check -- in a few states for foreign jobseekers to check that their personal information is accurate.

On Tuesday, USCIS announced a Spanish version is now available and the service has been expanded to 16 additional states. Nationwide rollout is expected by the spring.

Federal vendors often complain e-Verify contains errors such as missing Social Security numbers that generate messages showing a hire has no legal documentation. If that happens, the employee only has eight days to start working with the Social Security Administration to resolve the mistake. Otherwise, the staffer could lose his or her job.

You can try e-Verify Self Check if you live in California, Louisiana, Maine, Maryland, Massachusetts, Minnesota, Missouri, Nebraska, Nevada, New Jersey, New York, Ohio, South Carolina, Texas, Utah, Washington, Arizona, Colorado, Idaho, Mississippi, Virginia and the District of Columbia.

The Federal Trade Commission is allowing the U.S. Citizenship and Immigration Services arm of the Homeland Security Department access to its secure consumer complaint database so USCIS officials can investigate scammers posing as immigration legal advisers, federal officials announced on Thursday.

Typically only law enforcement officials can search through the FTC's Consumer Sentinel Network, which warehouses tips that customers submit to the Better Business Bureau, National Consumers League and other watchdog organizations.

USCIS, FTC and Justice Department officials announced the new data exchange on Thursday as part of a public awareness campaign to crack down on unauthorized legal assistance providers. Many imposters charge unwitting immigrants for resources the government offers for free, like application forms, or falsely claim they can expedite the approval process, according to USCIS officials. Some promise to help clients obtain immigration papers for which the applicant is ineligible.

Obama administration officials have been stressing the White House's commitment to immigration enforcement, as they try to ease the way for comprehensive immigration reform.

USCIS posted several campaign ads on YouTube to educate people on how to avoid immigration scams, but the promos do not encourage reporting deceptive outfits. The ads direct Internet users to the uscis.gov/avoidscams website for more information. A "Report Immigration Scams" tab on the site takes visitors to an interactive Web page where they can notify authorities about suspicious professionals.

The Pentagon and the Homeland Security Department are aiding Defense contractor Lockheed Martin Corp. on an investigation into a cyber attack that reportedly infiltrated the firm's security networks, federal officials said Saturday night.

"DoD is aware of a cyber incident impacting Lockheed Martin and, together with the Department of Homeland Security, is working with the company in determining the extent of the incident," Pentagon spokeswoman Lt. Col. April Cunningham said. "Impact to DoD is minimal and we don't expect any adverse effect."

In the past, the Defense' Cyber Crime Center has been responsible for heading probes into intrusions on .mil networks and systems in the defense industrial base, which includes Lockheed. Homeland Security has focused on helping civilian agencies and commercial companies assess cyber events, such as the recent Sony PlayStation network breach.

But, increasingly, the Pentagon and Homeland Security have been sharing cyber experts, tools and privacy officers, to respond to cyberattacks against government contractors, including one disclosed in March that hit security firm RSA. In that incident, perpetrators compromised a system containing information on RSA-manufactured "SecurID" digital credentials used by many federal employees and contractors.

According to Reuters, which first reported the Lockheed incident on Friday, unidentified hackers "breached [Lockheed] security systems designed to keep out intruders by creating duplicates to SecurID electronic keys," according to one person who was not authorized to publicly discuss the matter. The offenders learned how to copy the security keys with data stolen during the RSA attack, the Reuters story said.

At the time, RSA Executive Chairman Art Coviello announced through a message on the company's website that the data stolen could potentially be used to weaken the security of SecurID devices "as part of a broader attack."

As a matter of policy, Homeland Security and military officials declined to comment on the operations underway to stem damage at Lockheed.

DHS and Defense officials have "been in contact with the company to offer assistance in determining the extent of the incident, performing analysis of available data in order to provide recommendations to mitigate further risk," Homeland Security spokeswoman Amy Kudwa said.

Lockheed officials did not immediately respond to a request for comment.

Homeland Security officials confirmed they have nixed a project that was supposed to tie together the department's financial systems, instead opting to consider a smaller network located remotely, in the cloud.

Friday morning, Nextgov reported that DHS yanked the Transformation and Systems Consolidation program, or TASC, after current contractors on existing systems and a Web services company protested a $450 million contract the department awarded to CACI last year.

"Based upon a review and reevaluation of the solicitation, DHS is considering alternatives to meet revised requirements," DHS spokesman Chris Ortman said Friday, referring to the department's decision to stop pursuing a centralized financial, asset and acquisition management system. "The modernization of the department's financial, acquisition and asset systems remains a key priority for DHS."

In March, federal auditors, in siding with one of the protesters, Global Computer Enterprises, a provider of online financial reporting and accounting services, ruled that DHS narrowed system requirements mid-competition without letting vendors submit new proposals. Homeland Security changed directions after the White House directed all agencies halt work on financial systems, a characteristically complex kind of IT project, and either scale back features or cancel the whole operation.

As for future plans, DHS officials said a cloud-based or shared services setup, where multiple agencies share server room in a government or contractor-operated data center, could meet the department's needs. The new model would attempt to connect fewer agencies and fewer tools, just the core financial management functions at the Federal Emergency Management Agency, the U.S. Coast Guard and U.S. Immigration and Customs Enforcement.

This marks the second time the department, which also recently abandoned a more than $1 billion border virtual fence, has lost money on a failed effort to unify its financial systems. Some lawmakers remain concerned that any future project will falter due to poor planning, no matter whether the system resides in the cloud or in a physical DHS data center.

"Most of the material weaknesses still on the books are related to processes and not systems, and regardless of what decisions DHS makes on how it will integrate its information systems, the underlying processes must be corrected for that system to function properly," Rep. Todd Platts, R-Pa., chairman of the House Oversight and Government Reform Subcommittee on Government Organization, Efficiency and Financial Management, said at a Friday hearing on the department's overall financial management.

The need for public safety agencies to have interoperable radios is well-documented. In January the Federal Communications Commission unanimously approved an order that would establish interoperability standards for a nationwide public safety communications network.

First responders rely heavily on scarce and shrinking VHF spectrum as well as complex radios, said John Santo, executive director of Customs and Border Protection's wireless systems program office. One of the biggest challenges, he said, is that his agents cannot see what they are responding to.

New technologies necessary for interoperable systems are sometimes called "bleeding edge," since there is a risk in using them. But for public safety, that includes real blood, because first responders usually respond to life-threatening situations, said John Powell, interoperability chair of the National Public Safety Telecommunications Council, during an all-day FCC forum on Friday that addressed various interoperability issues.

The need for public safety agencies to have interoperable radios is well-documented. But for Customs and Border Protection, their legacy communications infrastructure is so antiquated that in some cases they are buying parts through the online auction site eBay.

That's according to John Santo, executive director of the CBP's wireless systems program office, part of the Homeland Security Department. Santo was discussing interoperability at a forum sponsored by the Federal Communications Commission Friday.

Nonetheless, he said having been in law enforcement for more than 30 years, he is "really encouraged by the momentum that's growing around" have interoperability standards.

The U.S. Cyber Challenge, a division of the non-profit Center for Internet Security, launched an online competition Monday to identify 10,000 "cyber warriors" among high school students with the skills to pursue advanced education and job opportunities in cybersecurity.

The nationwide competition was chartered to identify young Americans with the aptitude to become cyber leaders in government, the military and the private sector. Those who do well may receive scholarships, internships and other opportunities.

The competition combines tutorials with a series of timed quizzes in three critical areas: networking, operating systems and system administration. The curriculum and contest were developed by The SANS Institute, a computer security training company.

"We must act now to develop a competent workforce that can support the needs of securing our cyber networks, which is quickly becoming a national priority," said Rep. Jim Langevin, D-R.I., co-chair of the House Cyber Security Caucus. "I hope this challenge will grow into a national model for inspiring and harnessing our young cyber talent."

The Office of Management and Budget has given agency chief information officers new guidance on installing software to continuously monitor the security of their networks by the end of fiscal 2012, Federal News Radio reported Wednesday.

As part of the administration's annual IT budget passback guidance, which was obtained by FNR, agencies are also instructed to use the CyberScope reporting tool to submit standard data on the health of their IT systems by Sept. 30. Homeland Security is supposed to issue guidance for exporting data to CyberScope later this year.

Continuous monitoring, which requires security evaluations on an ongoing basis in real time or near real time, presents a major challenge for agencies, the report noted. Many agencies now conduct such monitoring only a few times a year.

The Homeland Security Department has begun the process of contracting to replace the border security network it scrapped last week, by issuing a request for information on interconnected surveillance towers, department officials said on Wednesday.

The market research is part of the department's new plan to acquire proven, ready-made technology tailored to the terrain of each border region, as opposed to the now-defunct $1 billion Secure Border Initiative network. The SBInet program ran into cost, schedule and performance problems in an unsuccessful attempt to install a one-size-fits-all virtual fence composed of monitoring devices, intelligence databases and communication links.

Depending on budget decisions, a formal request for bids on the project might be issued late this fiscal year, with contracts awarded several months after that, DHS spokesman Matthew Chandler said.

The RFI for so-called integrated fixed towers, which was posted Tuesday on the contracting bulletin board FedBizOpps, asks vendors for comments on market conditions and scientific advances to help shape "an acquisition strategy for technology solutions that detect, track, identify and classify illegal incursions." The technology is intended to provide border agents with a full view of activity between ports of entry to stop drug smuggling, illegal immigration and terrorist-related activities. Comments are due Feb. 8.

"The RFI approach is one tool available to us to involve industry at an early stage in our process," Chandler said.

Department officials will start procuring stand-alone tower parts this fiscal year, Chandler added. He said the decision to move ahead with the non-integrated tower elements was based on the priorities of DHS' Customs and Border Protection bureau.

DHS is looking for tools that will offer automatic, continuous wide-area surveillance that are largely open, or not tied to any one brand's proprietary technology, according to Tuesday's notice. Contracting officers envision a system consisting of several towers, where each one is equipped with a suite of sensors for constant surveillance; supporting power; and communications.

The applications will instantly identify humans, animals, vehicles and other suspicious items, as well as provide agents with video to inspect the scene manually for backpackers or people carrying certain weapons. The video will enable border personnel "to classify the threat in terms of group size, whether they are migrant workers, smugglers, etc, and whether they are armed," the RFI states.

The system will display the precise location, speed and direction of suspicious activity, according to the notice. The technology also will draw from pre-existing data feeds that were launched during the SBInet program. The tower equipment and network connectivity must withstand extreme weather conditions and harsh environments, such as the Arizona deserts and mountains where DHS initially had begun deploying SBInet.