Some of Our Sources
- Slashdot
- Engadget
- Mashable
- The Logo Smith
- Smashing Magazine
- Six Revisions
- Naldz Graphics
- Noupe
- Fudge Graphics
- Web Design Ledger
Help Webnuz
Referal links:
August 5, 2021 03:30 am
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/UVzaW8FmeQo/the-state-department-and-3-other-us-agencies-earn-a-d-for-cybersecurity
The State Department and 3 Other US Agencies Earn a D For Cybersecurity
An anonymous reader quotes a report from Ars Technica: Cybersecurity at eight federal agencies is so poor that four of them earned grades of D, three got Cs, and only one received a B in a report issued Tuesday by a US Senate Committee. "It is clear that the data entrusted to these eight key agencies remains at risk," the 47-page report stated. "As hackers, both state-sponsored and otherwise, become increasingly sophisticated and persistent, Congress and the executive branch cannot continue to allow PII and national security secrets to remain vulnerable." The report, issued by the Senate Committee on Homeland Security and Governmental Affairs, comes two years after a separate report found systemic failures by the same eight federal agencies in complying with federal cybersecurity standards. The earlier report (PDF) found that during the decade spanning 2008 to 2018, the agencies failed to properly protect personally identifiable information, maintain a list of all hardware and software used on agency networks, and install vendor-supplied security patches in a timely manner. The 2019 report also highlighted that the agencies were operating legacy systems that were costly to maintain and hard to secure. All eight agencies -- including the Social Security Administration and the Departments of Homeland Security, State, Transportation, Housing and Urban Development, Agriculture, Health and Human Services, and Education -- failed to protect sensitive information they stored or maintained. Tuesday's report, titled Federal Cybersecurity: America's Data Still at Risk, analyzed security practices by the same agencies for 2020. It found that only one agency had earned a grade of B for its cybersecurity practices last year. "What this report finds is stark," the authors wrote. "Inspectors general identified many of the same issues that have plagued Federal agencies for more than a decade. Seven agencies made minimal improvements, and only DHS managed to employ an effective cybersecurity regime for 2020. As such, this report finds that these seven Federal agencies still have not met the basic cybersecurity standards necessary to protect America's sensitive data." State Department systems, the auditors found, frequently operated without the required authorizations, ran software (including Microsoft Windows) that was no longer supported, and failed to install security patches in a timely manner. The department's user management system came under particular criticism because officials couldn't provide documentation of user access agreements for 60 percent of sample employees that had access to the department's classified network. "This network contains data which if disclosed to an unauthorized person could cause 'grave damage' to national security," the auditors write. "Perhaps more troubling, State failed to shut off thousands of accounts after extended periods of inactivity on both its classified and sensitive but unclassified networks. According to the Inspector General, some accounts remained active as long as 152 days after employees quit, retired, or were fired. Former employees or hackers could use those unexpired credentials to gain access to State's sensitive and classified information, while appearing to be an authorized user. The Inspector General warned that without resolving issues in this category, 'the risk of unauthorized access is significantly increased.'" Ars Technica adds that the Social Security Administration "suffered many of the same shortcomings, including a lack of authorization for many systems, use of unsupported systems, failure to Compile an Accurate and Comprehensive IT Asset Inventory, and Failure to Provide for the Adequate Protection of PII."Read more of this story at Slashdot.
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/UVzaW8FmeQo/the-state-department-and-3-other-us-agencies-earn-a-d-for-cybersecurity
Share this article:
Tweet
View Full Article
Slashdot
Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..More About this Source Visit Slashdot