Stop us if you've heard this one: US government staff wildly oblivious to basic computer, info security safeguards

Now for deep-diving Congress hearings... LMAO JK JK they will do nothing


A US Senate probe has once again outlined the woeful state of computer and information security within Uncle Sam's civil service.

A committee report (PDF) examining a decade of internal audits this week concluded that outdated systems, unpatched software, and weak data protection are so widespread that it's clear American bureaucrats fail to meet even basic security requirements.

To produce this damning dossiers, the Senate's Permanent Subcommittee on Investigations pored over a decade of findings from inspector-general-led probes into information security practices within the Department of Homeland Security, State Department, Department of Transportation, Department of Housing and Urban Development, Department of Agriculture, Department of Health and Human Services, Department of Education, and the Social Security Administration.

Of those eight organizations, seven were found to be unable to adequately protect personally identifiable information stored on their systems, six were unable to properly patch their systems against security threats, five were in violation of IT asset inventory-keeping requirements, and all eight were using either hardware or software that had been retired by the vendor and was no longer supported.

Department of Homeland Security

Audit finds Department of Homeland Security's security is insecure

READ MORE

"Despite major data breaches like OPM, the federal government remains unprepared to confront the dynamic cyber threats of today," the report noted.

"The longstanding cyber vulnerabilities consistently highlighted by Inspectors General illustrate the federal government’s failure to meet basic cybersecurity standards to protect sensitive data."

In delivering the report, the Senate panel pointed out some of the previously reported security findings, such as a 2017 Homeland Security audit that found a malware scanning tool first introduced in 2013 was at the time only successfully running at 65 per cent of agencies. Or the 2018 inspector general finding that the department wasn't even able to comply with its own standards for an effective security program.

The findings were equally grim for other major federal departments. At Health and Human Services, for example, IT staff were unable to account for how much of its $10.2bn operations and maintenance budget was being spent on outdated, legacy systems that had in some cases been in use for as long as 14 years.

Meanwhile, the Department of Education Inspector General said that every year since 2011 the agency failed annual tests of its ability to keep unauthorized users from accessing its private network and stealing highly personal information.

Such failures, the committee noted, were depressingly common among all eight of the organizations studied, and were indications of a much more widespread lack of urgency to secure sensitive data.

US government's $6bn super firewall doesn't even monitor web traffic

READ MORE

"The failures cited above are not new," the committee noted. "Inspectors General have cited many of these same vulnerabilities for the past decade."

Despite issuing the scathing review, don't expect the Senate to actually hold anyone accountable for the lapse. Beltway news site The Hill cited an unnamed Congressional source in reporting that there are no hearings scheduled nor legislation in the works to address the findings of the report.

In other words, government agencies have been found unable to properly manage their own security, but they will be allowed to continue to do so anyway.

Apropos of nothing, Americans can register to vote in state and federal elections here. ®

Similar topics


Other stories you might like

  • Amazon warehouse staff granted second chance to vote for unionization

    US labor watchdog tosses previous failed result in the trash

    America's labor watchdog has given workers at Amazon’s warehouse in Bessemer, Alabama, another crack at voting for unionization after their first attempt failed earlier this year.

    “It is ordered that the election that commenced on February 8 is set aside, and a new election shall be conducted,” Lisa Henderson, regional director at the National Labor Relations Board, ruled [PDF] on Tuesday.

    “The National Labor Relations Board will conduct a second secret ballot election among the unit employees. Employees will vote whether they wish to be represented for purposes of collective bargaining by the Retail, Wholesale and Department Store Union.”

    Continue reading
  • It's the flu season – FluBot, that is: Surge of info-stealing Android malware detected

    And a bunch of bank-account-raiding trojans also identified

    FluBot, a family of Android malware, is circulating again via SMS messaging, according to authorities in Finland.

    The Nordic country's National Cyber Security Center (NCSC-FI) lately warned that scam messages written in Finnish are being sent in the hope that recipients will click the included link to a website that requests permission to install an application that's malicious.

    "The messages are written in Finnish," the NCSC-FI explained. "They are written without Scandinavian letters (å, ä and ö) and include, for example, the characters +, /, &, % and @ in illogical places in the text to make it more difficult for telecommunications operators to filter the messages. The theme of the text may be that the recipient has received a voicemail message or a message from their mobile operator."

    Continue reading
  • AsmREPL: Wing your way through x86-64 assembly language

    Assemblers unite

    Ruby developer and internet japester Aaron Patterson has published a REPL for 64-bit x86 assembly language, enabling interactive coding in the lowest-level language of all.

    REPL stands for "read-evaluate-print loop", and REPLs were first seen in Lisp development environments such as Lisp Machines. They allow incremental development: programmers can write code on the fly, entering expressions or blocks of code, having them evaluated – executed – immediately, and the results printed out. This was viable because of the way Lisp blurred the lines between interpreted and compiled languages; these days, they're a standard feature of most scripting languages.

    Patterson has previously offered ground-breaking developer productivity enhancements such as an analogue terminal bell and performance-enhancing firmware for the Stack Overflow keyboard. This only has Ctrl, C, and V keys for extra-easy copy-pasting, but Patterson's firmware removes the tedious need to hold control.

    Continue reading

Biting the hand that feeds IT © 1998–2021