Sunday, February 2, 2014

DOS's Information System Security Program is still riddled with Security Gaps

More than three years after U.S. Army Pvt. Bradley Manning handed over hundreds of thousands of sensitive State Department cables to WikiLeaks, the department’s inspector general has warned in stark terms that State has done little since 2010 to fix an info-tech system that is riddled with security gaps, and has no plan yet for how to fix it.
At risk, the IG says, is not only “classified information vital to the preservation of national security in high-risk environments across the globe,” but the personal information on file concerning about 192 million American passport-holders. 
The public version of the inspector general’s accusations -- contained in an unprecedented “management alert” to State’s top officials and in the managerial responses to the alert -- have been heavily redacted for security reasons. 
The alert was circulated in the State Department bureaucracy in November. After a back-and-forth process between department managers and the IG’s office, it became accessible to outsiders in mid-January.
The problems it describes, however, have been festering far longer than that. Among other things, the alert says that: 
-- between 2011 and 2013 alone, six lengthy and detailed reports on information security (five by State’s inspector general’s office, and one by the Government Accountability Office) have found “recurring weaknesses” in a wide variety of cyber-security issues, including how State hands out and keeps track of passwords; certifies whether information systems are authorized to operate securely; protects its hardware, files and operating systems from hackers or other unauthorized users; and how it scans its systems to detect wayward patterns of behavior. 
--In most cases, despite repeated warnings, State Department bureaucrats have not formally reported the shortcomings to other federal agencies, including Homeland Security, though the inspector general argues it is obligated to do so.
Read the rest of the story HERE.

If you like what you see, please "Like" us on Facebook either here or here. Please follow us on Twitter here.

No comments: