Category Archives: Department of Homeland Security

Hillary’s Email Pals Included the WH and SCOTUS Judges

Posted on by

Sheesh…..now what about the 30,000 emails about ah yoga and wedding plans…yeah, yoga sure Hillary. What about the emails from the White House to Hillary…ah all this transparency is well infectious eh?

Ever wonder why a Secretary of State needed to email, confer and be email pals with selected Supreme Court justices?

Hillary’s email account an open secret in Washington long before scandal broke

WashingtonTimes: Hundreds of people — from White House officials and titans of the mainstream media to senators, Supreme Court justices and many of her top colleagues at the State Department — could have known about Hillary Clinton’s secret email account, if only they’d cared to look closely enough.

Listed on some of the more than 28,000 messages Mrs. Clinton released so far are several White House chiefs of staff and a former director of the Office of Management and Budget, much of the rest of official Washington, and a number of people who had oversight of the State Department’s key operations and open-records obligations. President Obama was also on a series of messages, though the government is withholding those.

But just how widely disseminated Mrs. Clinton’s address was became clear in a single 2011 message from Anne-Marie Slaughter, who appeared to include Mrs. Clinton on a message alongside Supreme Court Justices Stephen G. Breyer and Elena Kagan, reporters Jeffrey Toobin, David Brooks, Fred Hiatt and Evan Thomas, CIA Director David H. Petraeus, top Obama aide Benjamin Rhodes and former White House counsel Gregory Craig.

 
Computer specialists said they would have had to know what they were looking for to spot Mrs. Clinton’s address, but it was there for anyone who did look — raising questions about how her unique arrangement remained secret for so long. It came to the public’s attention when news broke in March 2015 in The New York Times — after it was uncovered by a congressional investigation into the 2012 Benghazi terrorist attack.

The State Department has since acknowledged that it did not search Mrs. Clinton’s messages in response to open-records requests filed under federal law, and federal District Judge Emmet G. Sullivan is prodding the department about how the situation got so out of hand.

“We’re talking about a Cabinet-level official who was accommodated by the government for reasons unknown to the public. And I think that’s a fair statement — for reasons unknown to the public,” the judge said at a hearing last week, where he decided to approve conservative legal group Judicial Watch’s request for discovery to pry loose more details about who approved the odd email setup and how it ducked the rules.
“All the public can do is speculate,” Judge Sullivan told the government lawyers who have been fighting to drag out the release of the messages Mrs. Clinton has turned over, and to prevent her from having to relinquish thousands of others. “You want me to say it’s done, but I can’t do that right now.”

The final batch of messages the State Department has in its custody — 2,000 of them — is due to be released Monday.

The facts have changed dramatically since the emails were first revealed and Mrs. Clinton insisted that she set up her unique arrangement out of “convenience” for herself and insisted no classified material was sent on the account.

Already, 1,782 messages have been deemed to contain classified material, and 22 of those messages contain “secret” information. Another 22 messages contain “top secret” material so sensitive that the government won’t even release any part of them, meaning they will remain completely hidden from the public.

Mrs. Clinton’s arrangement set off public policy and security debates. Analysts said her server was likely unprotected against any moderately sophisticated attack.

Although details remain sketchy as to what protection Mrs. Clinton used, analysts said having one person maintaining her server is no way to protect sensitive information from a hack. Christopher Soghoian, principal technologist at the American Civil Liberties Union, said there is no evidence that Mrs. Clinton was having her server tested by independent specialists — a major oversight.

“You cannot secure your server with one guy working part time,” Mr. Soghoian said.

That one person, Bryan Pagliano, who reportedly worked for Mrs. Clinton at the State Department and on the side as her server technician, asserted his Fifth Amendment right against incriminating himself in testimony to Congress last year.

Even if the server itself wasn’t compromised, Mr. Soghoian said, Mrs. Clinton was sending email over the broader Internet, where an enterprising opponent could have intercepted messages. If she had been using a State.gov account to email others within the government, that wouldn’t have been possible, he said.

There is no evidence that Mrs. Clinton was hacked, but analysts said that’s of little comfort. Even if the FBI doesn’t find evidence, it is not conclusive.

“Clinton’s use of unencrypted email left her vulnerable to nation states. There’s no amount of investigation the FBI can do to prove that didn’t happen,” Mr. Soghoian said.

Bob Gourley, co-founder of cybersecurity consultancy Cognitio, said the government has to assume Mrs. Clinton’s server was compromised, and he said it begs the question of why she declined to use a State.gov account and instead set up her own off-site server.

“All indications are this was not just a matter of convenience,” he said. “There’s no reason why she should have used her own server and go to all the trouble to do that unless she wanted to hide something.”

That something, Mr. Gourley believes, is the negotiating she did on behalf of the Clinton Foundation, founded by her husband, former President Bill Clinton. She helped lead the foundation as soon as she stepped down from the secretary’s job.

The security analyst said he suspects details of those negotiations are part of the 30,000 messages Mrs. Clinton indicated she sent during her time in office but that she declined to turn back to the State Department. The former secretary said those messages were personal business, such as scheduling yoga classes or arranging her daughter Chelsea’s wedding.

Judicial Watch is trying to get Mrs. Clinton to turn over those messages to the State Department, and that’s the case pending before Judge Sullivan.

“The big story on Monday is, wow, now we have reviewed about half of Mrs. Clinton’s reported records. Where’s the other half?” said Judicial Watch President Tom Fitton. “That’s what our discovery is about. Where’s the other half, and how can we find out so they can be retrieved and reviewed and released to the public?”

Mrs. Clinton says the Obama administration is overclassifying her messages. She says she would like all of the messages she returned to the government released, including presumably the 22 the government deems so “top secret” that they can’t be shared even in part.

She and her campaign have questioned the political motivations or conclusions of the inspectors general who have pushed for classification, to Judge Sullivan, whose order of discovery could force her aides to answer tough questions and could eventually lead to her having to return the rest of her emails.

Mr. Fitton said the questions Judicial Watch will ask during discovery include how the government supported her email server, why the folks who handled Freedom of Information Act open-records requests weren’t made aware of it, who else used it, what security precautions were taken and who approved it.

A Washington Times analysis of the more than 28,000 messages that have been released show dozens of State Department employees, from the lowest to the highest levels, were aware that Mrs. Clinton was using her unique arrangement to conduct government business.

The extensive awareness within the department struck Judge Sullivan.

“How on earth can the court conclude that there’s not, at a minimum, a reasonable suspicion of bad faith regarding the State Department’s response to this FOIA request?” he said at a hearing last week.

Mrs. Clinton’s successor, current Secretary of State John F. Kerry, was one of those who emailed with Mrs. Clinton on her secret account during his time in the Senate. He was one of a handful of senators The Times found who were pen pals with Mrs. Clinton.

Last week, Mr. Kerry tried to explain how he missed Mrs. Clinton’s behavior and told Congress he simply mailed the address he was given.

“I didn’t think about it. I didn’t know if she had an account, or what the department gave her at that point in time, or what she was operating with. I had no knowledge,” he told Rep. Darrell E. Issa, a California Republican who prodded him on the matter.

Stories about odd email practices have continued to dog Mr. Obama’s tenure. His former administrator at the Environmental Protection Agency, Lisa P. Jackson, used a secret agency email address to conduct government business, but the EPA says those messages were searched in open-records requests.

Defense Secretary Ashton Carter used a private address to conduct some government business in the first months after taking office. He said the practice was wrong and apologized for it.

Mr. Gourley, the cybersecurity specialist, said Mrs. Clinton’s practice went beyond that. He compared it to a phone, saying everyone has a home phone or personal cellphone, and even top government officials occasionally use it for official business. But in Mrs. Clinton’s case, she rejected an official government email account and used only her secret account.

“Those kinds of rules were just totally flouted by Clinton,” he said.

After Ukraine, DHS Warns Domestic Utility Companies

Posted on by

Feds advise utilities to pull plug on Internet after Ukraine attack

WashingtonExaminer: The Department of Homeland Security advised electric utilities Thursday that they may need to stop using the Internet altogether, after the agency found that a cyberattack that brought down Ukraine’s power grid in December could have been far more devastating than reported.

The Dec. 23 cyberattack forced U.S. regulators to place utilities on alert after unknown attackers caused thousands of Ukrainian residents to lose power for hours by installing malicious software, or malware, on utility computers. But the Department of Homeland Security said Thursday that the attack may have been directed at more than just the country’s electricity sector, suggesting the attackers were looking to cause more harm than was reported.

In response, federal investigators are recommending that U.S. utilities and other industries “take defensive measures.” To start with, they need to best practices “to minimize the risk from similar malicious cyber activity,” according to an investigative report issued Thursday by Homeland Security’s Industrial Control Systems Cyber Emergency Response Team.

But the team is also recommending more drastic action, such as keep control-system computers away from the Internet.

“Organizations should isolate [industrial control system] networks from any untrusted networks, especially the Internet,” the report says. “All unused ports should be locked down and all unused services turned off. If a defined business requirement or control function exists, only allow real-time connectivity to external networks. If one-way communication can accomplish a task, use optical separation.”

The findings show that the power outages were caused by three attacks using cyberintrusion software to attack electric power distribution companies, affecting about 225,000 customers. It also reveals that once power was restored, the utilities continued “to run under constrained operations,” implying that the damage to grid control systems was profound.

The team also learned that “three other organizations, some from other critical infrastructure sectors, were also intruded upon but did not experience operational impacts.” That suggests the attackers were going after more than just the power grid, and may have been planning a much more economy-wide attack. The team does not disclose what other sectors of the country were targeted.

The team said the attack was well-planned, “probably following extensive reconnaissance of the victim networks,” the report says. “According to company personnel, the cyberattacks at each company occurred within 30 minutes of each other and impacted multiple central and regional facilities.”

The attackers were attempting to make the damage permanent. The report says the attackers installed “KillDisk” malware onto company computers that would erase data necessary to reboot operations after a cyberattack.

There is also a mystery to the attackers’ actions.

“Each company also reported that they had been infected with BlackEnergy malware; however, we do not know whether the malware played a role in the cyberattacks,” the report says. The malware was delivered using an email embedded hacking technique known as “spear phishing” that contained a number of malicious Microsoft Office attachments.

“It is suspected that BlackEnergy may have been used as an initial access vector to acquire legitimate credentials; however, this information is still being evaluated,” the team says.

The investigation was done with Ukraine authorities and involved the FBI, Department of Energy and the North American Electric Reliability Corporation.

*** 

New research is shining a light on the ongoing evolution of the BlackEnergy malware, which has been spotted recently targeting government institutions in the Ukraine.

Security researchers at ESET and F-Secure each have dived into the malware’s evolution. BlackEnergy was first identified several years ago. Originally a DDoS Trojan, it has since morphed into “a sophisticated piece of malware with a modular architecture, making it a suitable tool for sending spam and for online bank fraud,” blogged ESET’s Robert Lipovsky.

“The targeted attacks recently discovered are proof that the Trojan is still alive and kicking in 2014,” wrote Lipovsky, a malware researcher at ESET.

ESET has nicknamed the BlackEnergy modifications first spotted at the beginning of the year ‘BlackEnergyLite’ due to the lack of a kernel-mode driver component. It also featured less support for plug-ins and a lighter overall footprint.

“The omission of the kernel mode driver may appear as a step back in terms of malware complexity: however it is a growing trend in the malware landscape nowadays,” he blogged. “The threats that were among the highest-ranked malware in terms of technical sophistication (e.g., rootkits and bootkits, such as Rustock, Olmarik/TDL4, Rovnix, and others) a few years back are no longer as common.”

The malware variants ESET has tracked in 2014 – both of BlackEnergy and of BlackEnergy Lite – have been used in targeted attacks. This was underscored by the presence of plugins meant for network discovery, remote code execution and data collection, Lipovsky noted.

“We have observed over a hundred individual victims of these campaigns during our monitoring of the botnets,” he blogged. “Approximately half of these victims are situated in Ukraine and half in Poland, and include a number of state organizations, various businesses, as well as targets which we were unable to identify. The spreading campaigns that we have observed have used either technical infection methods through exploitation of software vulnerabilities, social engineering through spear-phishing emails and decoy documents, or a combination of both.”

In a whitepaper, researchers at F-Secure noted that in the summer of 2014, the firm saw samples of BlackEnergy targeting Ukrainian government organizations for the purposes of stealing information. These samples were nicknamed BlackEnergy 3 by F-Secure and identified as the work of a group the company refers to as “Quedagh.” According to F-Secure, the group is suspected to have been involved in cyber-attacks launched against Georgia during that country’s conflict with Russia in 2008.

“The Quedagh-related customizations to the BlackEnergy malware include support for proxy servers and use of techniques to bypass User Account Control and driver signing features in 64-bit Windows systems,” according to the F-Secure whitepaper. “While monitoring BlackEnergy samples, we also uncovered a new variant used by this group. We named this new variant BlackEnergy 3.”

Only Quedagh is believed to be using BlackEnergy 3, and it is not available for sale on the open market, noted Sean Sullivan, security advisor at F-Secure.

“The name [of the group] is based on a ship taken by Captain Kidd, an infamous privateer,” he said. “It is our working theory that the group has previous crimeware experience. Its goals appear to be political but they operate like a crimeware gang. There have been several cases this year of which BlackEnergy is the latest. The trend is one of off-the-shelf malware being used in an APT [advanced persistent threat] kind of way. The tech isn’t currently worthy of being called APT, but its evolving and scaling in that direction.”

Within a month of Windows 8.1’s release, the group added support for 64-bit systems. They also used a technique to bypass the driver-signing requirement on 64-bit Windows systems.

In the case of BlackEnergy 3, the malware will only attempt to infect a system if the current user is a member of the local administration group. If not, it will re-launch itself as Administrator on Vista. This will trigger a User Account Control (UAC) prompt. However, on Windows 7 and later, the malware will look to bypass the default UAC settings.  

“The use of BlackEnergy for a politically-oriented attack is an intriguing convergence of criminal activity and espionage,” F-Secure notes in the paper. “As the kit is being used by multiple groups, it provides a greater measure of plausible deniability than is afforded by a custom-made piece of code.”

In 2014 from the Department of Interior and DHS:

Summary: Investigation of NPS-GCNP SCADA SYSTEM

Report Date: August 7, 2014

OIG investigated allegations that the Supervisory Control and Data Acquisition (SCADA) system at Grand Canyon National Park (Park) may be obsolete and prone to failure. In addition, it was alleged only one Park employee controlled the system, increasing the potential for the system to fail or become unusable.

The SCADA system is a private utilities network that monitors and controls critical infrastructure elements at the Park. Failure of the system could pose a health and safety risk to millions of Park visitors. Due to potential risks that system failure posed, we consulted with the U.S. Department of Homeland Security Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) and asked that they assess the overall architecture and cybersecurity of the Park’s SCADA system.

ICS-CERT conducted an onsite review and issued a report outlining the weaknesses it found at the Park’s SCADA system, including obsolete hardware and software, inadequate system documentation and policies, insufficient logging and data retention. We provided a copy of ICS-CERT’s assessment report to the National Park Service for review and action.

 

 

U.S. 133 Cyber Teams Under Construction

Posted on by

Is this a change and an approval by Obama from 2012? (Note this is only a defensive strategy)

Presidential Cyberwar Authority

 

In October 2012, President Obama signed the top-secret Presidential Policy Directive 20, which enabled the military to aggressively initiate and thwart cyber­attacks related our nation’s security. While most of the cyber attack targets are network systems or infrastructure-based, an elite Psychological Operations (PsyOps) team has focused its efforts on secretly defacing the public websites of our adversaries. Due to the high visibility and sensitive nature of this activity, only President Obama has the authority to target and launch these types of attacks.

The President authorizes these attacks using the global Cyber Warfare Command and Control System (CWCCS), which is accessible from this web page only from the President’s authorized computer.

****

 

WASHINGTON (AP) — Not long after Defense Secretary Ash Carter prodded his cyber commanders to be more aggressive in the fight against Islamic State, the U.S. ramped up its offensive cyberattacks on the militant group.

According to several U.S. officials, the attacks are targeting the group’s abilities to use social media and the Internet to recruit fighters and inspire followers, U.S. officials told The Associated Press.

U.S. officials confirmed that operations launched out of Fort Meade, Maryland, where the U.S. Cyber Command is based, have focused on disrupting the group’s online activities. The officials said the effort is getting underway as operators try a range of attacks to see what works and what doesn’t. They declined to discuss details, other than to say that the attacks include efforts to prevent the group from distributing propaganda, videos or other types of recruiting and messaging on social media sites such as Twitter, and across the Internet in general.

Other attacks could include attempts to stop insurgents from conducting financial or logistical transactions online.

The surge of computer-based military operations by U.S. Cyber Command began shortly after Carter met with commanders at Fort Meade last month.

Several U.S. officials spoke about the cyber campaign on condition of anonymity because they were not authorized to discuss it publicly. Much of the effort is classified.

Carter mentioned the operations briefly Thursday, telling a House Appropriations subcommittee only that Cyber Command is beginning to conduct operations against the Islamic State group. He declined to say more in a public setting.

The more aggressive attacks come after months of pressure from Carter, who has been frustrated with the belief that the Pentagon — and particularly Cyber Command — was losing the war in the cyber domain.

Late last year Carter told cyber commanders they had 30 days to bring him options for how the military could use its cyberwarfare capabilities against the group’s deadly insurgency across Iraq and Syria, and spreading to Libya and Afghanistan. Officials said he told commanders that beefing up cyberwarfare against the Islamic State group was a test for them, and that they should have both the capability and the will to wage the online war.

 

But the military cyber fight is limited by concerns within the intelligence agencies that blocking the group’s Internet access could hurt intelligence gathering.

Officials said Carter told commanders that he the U.S. to be able to impact Islamic State operations without diminishing the indications or warnings U.S. intelligence officers can glean about what the group is doing. On Jan. 27, Carter and Marine Gen. Joseph Dunford, chairman of the Joint Chiefs of Staff, went to Fort Meade for an update.

Officials familiar with Carter’s meetings said the secretary was frustrated that as Cyber Command has grown and developed over the past several years, it was still focused on the cyberthreats from nations, such as Iran, Russia and China, rather than building a force to block the communications and propaganda campaigns of Internet-savvy insurgents.

 

“He was right to say they could be more forward leaning about what they could possibly do against ISIS,” said James Lewis, a cybersecurity expert at the Center for Strategic and International Studies. “You could disrupt their support networks, their business networks, their propaganda and recruitment networks.” However, Lewis added, the U.S. needs to be careful about disrupting the Internet to insure that attacks don’t also affect civilian networks or systems needed for critical infrastructure and other public necessities. U.S. officials have long been stymied by militants’ ability to use the Internet as a vehicle for inspiring so-called lone wolf attackers in Western nations, radicalized after reading propaganda easily available online.

“Why should they be able to communicate? Why should they be using the Internet?” Carter said during testimony before the defense appropriations subcommittee. “The Internet shouldn’t be used for that purpose.” He added that the U.S. can conduct cyber operations under the legal authorities associated with the ongoing war against the Islamic State group. The U.S. has also struggled to defeat high-tech encryption techniques used by Islamic State and other groups to communicate. Experts have been working to find ways to defeat those programs.

Cyber Command is relatively new. Created in 2009, it did not begin operating until October 2010.

Early on, its key focus was on defending military networks, which are probed and attacked millions of times a day. But defense leaders also argued at length over the emerging issues surrounding cyberwarfare and how it should be incorporated.

 

The Pentagon is building 133 cyber teams by 2018, including 27 that are designed for combat and will work with regional commands to support warfighting operations. There will be 68 teams assigned to defend Defense Department networks and systems, 13 that would respond to major cyberattacks against the U.S. and 25 support teams.

Undocumented Teachers in Your Child’s Classroom

Posted on by

So, no U.S. citizens with teaching certificates? Perhaps the mission is to lower payroll costs and meet quotas? Or join unions and teach selected history…

Is there a state left that can define what citizenship is? Is there a state that is protecting ‘the pursuit of happiness’? Apparently teaching, a noble profession, or at least used to be is no longer noble.

For reference, Tashfeen Malik, the female San Bernardino killer could have been a teacher in your child’s classroom, she came into the United States under false documents…no documents? What is the difference?

NY to let undocumented workers become teachers

ALBANY — Undocumented immigrants in New York will be able to apply for teacher certifications and professional licenses, according to the state Board of Regents.

The board that oversees education policies in New York voted Wednesday to allow people who can’t get legal residency because of their parents’ immigration status to seek teacher certifications. They also will be able to apply for a license from among the 53 professions overseen by the state Education Department, including a variety of medical professions.

“These are young people who came to the U.S. as children,” state Education Commissioner MaryEllen Elia said in a statement. “They are American in every way but immigration status. They’ve done everything right.  They’ve worked hard in school, some have even served in the military, but when it’s time to apply for a license, they’re told ‘Stop. That’s far enough.’ We shouldn’t close the door on their dreams.”

The Board of Regents pointed to a June 2012 policy by the Obama administration called the Deferred Action for Childhood Arrivals that allows individuals who came to the U.S. as children and meet certain guidelines to request consideration of “deferred immigration action” for two years that can be renewed.

The federal policy, the board said, applies to young people who usually get their immigration status from their parents, many of whom are undocumented.

“As a result, most of these individuals have no current mechanism to obtain legal residency, even if they have lived most of their lives in the U.S.” the Board of Regents said in a statement.

But people in the system are prohibited from obtaining teaching certification and licenses in certain professions, the board said, including pharmacy, dentistry and engineering.

The regulation by the Board of Regents will be finalized after a public-comment period.

Sen. Terrence Murphy, R-Yorktown, Westchester County, ripped the policy.

“Allowing lawbreakers to teach, or practice medicine, says a lot about how backwards our priorities truly are in New York,” Murphy said in a statement. “This is another example of why rule-making by unelected bureaucrats is what is ruining New York state. Will they next unilaterally enact free college tuition for illegal immigrants?”

He said New York doesn’t allow a military spouse with an equivalent license in another state to teach in New York, so “Elia should be focusing on reciprocity and interstate licensure for those who have earned it, instead of doing further harm to our already broken immigration system and rewarding lawbreakers.”

Gov. Andrew Cuomo said he has yet to review the new education policy to determine its legality.

“It depends on how they write the policy, as to whether or not it’s legal and constitutional, and I haven’t seen anything,” Cuomo said when asked about the policy by reporters Thursday in Albany.

Democratic lawmakers praised the action. Democrats have been pushing for the Dream Act in New York, which would allow immigrants in the country illegally to access state financial aid for college. Republicans have opposed the measure.

“This is a tremendous win for New York’s students,” Assembly Speaker Carl Heastie, D-Bronx, said in a statement. “The Assembly majority has always led the charge to expand opportunities for every student, and we have championed issues like the DREAM Act and greater investment in higher education to show our commitment to all of the families who have made New York their home.”

 

216heppcd1

DHS: 12 Years, $180 Million, Not Close to Complete

Posted on by

Same personnel as those that did the Obamacare website? Is there a single agency that works?

DHS excoriated for mismanaged HR IT system

An ambitious program begun by the Department of Homeland Security in 2003 to consolidate all of its component agencies’ HR systems, from payroll to timesheets and beyond, isn’t near completion after more than 12 years of work. Many in Congress are not pleased.

A Government Accountability Office study on the DHS HRIT investment released for a Feb. 25 House Homeland Security Oversight and Management Efficiency subcommittee hearing said 400 of the agency’s human capital systems that were to have been consolidated under the program are unaccounted for.  The program has cost millions, GAO found, but DHS did not keep track of exact costs.

Carol Cha, GAO’s director of IT acquisition management issues, testified at the hearing that the HRIT has been on her agency’s list of high-risk IT projects for some time.

“That’s breathtaking,” said subcommittee Chairman Scott Perry (R-Pa.). More than a dozen years and $180 million later, he said, DHS is “no closer” to completing the project than it was in 2003.  The exact cost to date, said Perry,  because of the inadequate record-keeping.

“This is a poster child of inept management,” he said, declaring the lack of cost tracking “reprehensible, unacceptable.”

DHS, Rep. Bonnie Watson Coleman (D-N.J) said, “has shown a tremendous lack of commitment” to the project.

Later in the hearing, Perry’s irritation with DHS’ handling of the sprawling project flared again and again. “For the love of God Mr. Fulghum, [the money] has been pissed away,” he snarled at Chip Fulghum, DHS’ deputy undersecretary for management.

Fulghum was in the hot seat to defend the agency’s work on the project. “We don’t care if it’s hard to do,” Perry said, later adding, “you’re the heavies, get it done.”

 

Although Fulghum said DHS agreed with the GAO’s 14 recommendations to address HRIT’s poor progress and ineffective management, he pointed to the agency’s work on the consolidated performance management and learning system called PALMS as evidence that DHS can execute on enterprise-wide IT consolidation. He said the agency’s component agencies are close to signing off on PALMS’ use.

Fulghum also said DHS is working aggressively to strengthen the program’s oversight and direction. He said the agency had also appointed Angela Bailey as chief human capital officer a few months ago to coordinate the project.

Bailey, who also testified at the hearing, assured the panel that her agency has stepped up oversight meetings with an executive review councils and boards to spur progress. “Clearly we have work to do,” she said.

Amid the admonitions from the congressional panel, Rep. Cedric Richmond (D-La.) threw something of a life preserver to Fulghum in the middle of the hearing, asking the DHS executive if the agency has considered shared services to handle some of the HR functions that HRIT would do.

Richmond noted that the Agriculture Department’s National Finance Center provides payroll and other financial management services, as well as human resources management services. “At the end of the day, we just want things to work,” said Richmond, whose Louisiana district is home to the NFC. “You should talk to the director of the National Finance Center. They say they can solve the problem.”

Fulghum said he supported shared services and that “we’re absolutely interested” in exploring such opportunities.

At the end of the hearing, Flughum pledged to spur progress on the program in the coming months. He said the oversight panel would receive a concrete plan by early May that contains hard deadlines and a blueprint for moving ahead.