Feeds

Hate keeping your systems updated and secure? So does Uncle Sam

Report shows security lapses rampant in government agencies

The Essential Guide to IT Transformation

A Senate report has cast doubt on the ability of many of the US's largest government agencies to properly secure and maintain their systems.

The report, authored by Senator Tom Coburn (R-OK) and his fellow Republican members of the Senate Homeland Security and Governmental Affairs Committee, detailed incidents in government agencies that ranged from the Department of Homeland Security and the Department of Energy to the Internal Revenue Service and the Department of Education.

The committee noted that in many cases agencies have failed to maintain everyday security measures and best practices for protecting data. Reported incidents included SEC officials carrying sensitive data on personal devices and accounts, the use of outdated and unpatched software by federal agencies, and the use of unsecured and unencrypted hard drives to handle sensitive data.

"Federal guidelines are clear: when an agency identifies a weakness in its IT security, officials must record the problem, find a way to fix it, and assign themselves a deadline for completion," the report reads.

"As officials make progress and the weakness is eventually remedied, officials are supposed to update their records. Without that basic system in place, neither the agency nor the administration can tell if vulnerabilities are being addressed."

Among the incidents cataloged in the report is the 2013 release of a false Emergency Broadcast warning claiming a zombie attack, which aired in Michigan, Montana, and North Dakota.

Other incidents noted in the report included an Army Corps of Engineers breach of dam security information, and the revelation that Nuclear Regulatory Commission officials kept plant data on unsecured drives.

The committee members said that the incidents underscore lapses in security among government agencies which should be addressed as agencies move to increase their work with the private sector.

"Over more than a decade, the federal government has struggled to implement a mandate to protect its own IT systems from malicious attacks," the report reads.

"As we move forward on this national strategy to boost the cybersecurity of our nation's critical infrastructure, we cannot overlook the critical roles played by many government operations, and the dangerous vulnerabilities which persist in their information systems." ®

The Essential Guide to IT Transformation

More from The Register

next story
Just TWO climate committee MPs contradict IPCC: The two with SCIENCE degrees
'Greenhouse effect is real, but as for the rest of it ...'
'Blow it up': Plods pop round for chat with Commonwealth Games tweeter
You'd better not be talking about the council's housing plans
Has Europe cut the UK adrift on data protection?
EU reckons we've one foot out the door anyway
Arrr: Freetard-bothering Digital Economy Act tied up, thrown in the hold
Ministry of Fun confirms: Yes, we're busy doing nothing
Government's 'Google Review' copyright rules become law
Welcome in a New Era ... of copyright litigation
Help yourself to anyone's photos FOR FREE, suggests UK.gov
Copyright law reforms will keep m'learned friends busy
Apple smacked with privacy sueball over Location Services
Class action launched on behalf of 100 million iPhone owners
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Maximize storage efficiency across the enterprise
The HP StoreOnce backup solution offers highly flexible, centrally managed, and highly efficient data protection for any enterprise.