February 6, 2014

Scary is the word for the cybersecurity at federal agencies

It's not just Healthcare.gov that's a "honeypot for hackers" where applicants have "no reasonable expectation of privacy."

Senate cybersecurity report finds agencies often fail to take basic preventive measures against even modestly skilled hackers.

The report…paints a broader picture of chronic dysfunction, citing repeated failures by federal officials to perform the unglamorous work of information security. That includes installing security patches, updating anti-virus software, communicating on secure networks and requiring strong passwords. A common password on federal systems, the report found, is “password”.

The report levels particularly tough criticism at the Department of Homeland Security, which helps oversee cybersecurity at other federal agencies. The report concluded that the department had failed even to update essential software — “the basic security measure just about any American with a computer has performed.”

Report: 4 in 10 Government Security Breaches Go Undetected
DHS, DOJ, DOD, EPA, NASA, Energy, State routinely hacked

Nearly every agency has been attacked, including the Departments of Homeland Security, Justice, Defense, State, Labor, Energy, and Commerce. NASA, the EPA, the FDA, the U.S. Copyright Office, and the National Weather Service have also been hacked or had personal information stolen.

In one example, hackers breached the national Emergency Broadcast System in February 2013 to broadcast “zombie attack warnings” in several midwestern states.
--
Even worse, nearly four in 10 intrusions into major civilian agencies go undetected….
--
The Nuclear Regulatory Commission, which contains volumes of information on the nation’s nuclear facilities, “regularly experiences unauthorized disclosures of sensitive information,” according to the report.

The agency has “no official process for reporting” breaches, cannot keep track of how many laptops it has, and kept information on its own cybersecurity programs, and its commissioner’s “passport photo, credit card image, home address, and phone number,” on an unsecure shared drive.
--
“Weaknesses in the federal government’s own cybersecurity have put at risk the electrical grid, our financial markets, our emergency response systems, and our citizens’ personal information,” Coburn, ranking member of the Homeland Security and Governmental Affairs Committee, said in a statement. “While politicians like to propose complex new regulations, massive new programs, and billions in new spending to improve cybersecurity, there are very basic—and critically important—precautions that could protect our infrastructure and our citizens’ private information that we simply aren’t doing.”
--
Posted by Jill Fallon at February 6, 2014 10:07 AM