BreachExchange mailing list archives
State Dept. computers open to hackers — report
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Fri, 17 Jan 2014 18:05:10 -0700
http://www.washingtontimes.com/news/2014/jan/16/state-dept-computers-open-hackers-report/

A day after a bipartisan Senate report faulted the State Department for security lapses the deadly attacks in Benghazi, an investigation from a federal watchdog has found that the agency’s computer systems have inadequate security and could easily be breached.

In a redacted letter made public Thursday, the State Department’s inspector general said there were “significant and recurring weaknesses” with cybersecurity, noting that the agency is often a target from hackers in criminal and terrorist organizations.

“The department is responsible for preserving and protecting classified information vital to the preservation of national security in high risk environments across the globe,” the IG’s report said, but added that officials have yet to “correct many of the existing significant deficiencies thereby leading to continuing undue risk in the management of information.”

The IG has been warning the department of the problems since 2011, but inspectors say little has been done. The watchdog declared computer security a “significant deficiency,” one of the highest and most urgent markers the government uses to track issues.

Most of the exact specifics on what’s not working are still classified over concerns that the vulnerabilities could be exploited.

Although officials have expressed a desire to correct the problems, the department’s internal watchdog said there has been little action and currently no written guidelines or documented strategy for improving security.

In a response to investigators, the State Department's Management Control Steering Committee said a plan to fix the vulnerabilities is already under consideration, and should be ready by the end of the month.

“The committee takes the reported weaknesses very seriously,” said MCSC Chairman James Millette. “The committee believes that our efforts over the coming year will advance the department’s information security posture.”

Department Inspector General Steve Linick said his office was still concerned that the agency’s own personnel would be the ones testing whether cybersecurity was improving, calling it an issue of “independence and perceived independence.” Instead, an outside organization such as the National Security Agency should evaluate whether changes were actually effective, he said.

It’s not only Benghazi-style attacks that could result from breaches in information. The State Department handles millions of dollars from things like visa fees, making it a prime target for theft. And passport applications mean that agency computers often contain reams of personal information on U.S. citizens.

The inspector general also raised the possibility of an Edward Snowden-like leak from inside the agency if it does not get tighter control of who is accessing its systems. Currently there are more than 6,300 system administrators that investigators said have wide access to computer systems and databases, the watchdog said.