Security Sites Vulnerable: Report

Thursday, September 17, 2015 @ 05:09 PM gHale

The U.S. department charged with protecting government computers needs to secure its own information systems better, according to an audit released on Tuesday that showed lapses in internal systems used by the Secret Service (USSS) and Immigration and Customs Enforcement (ICE).

The Department of Homeland Security (DHS) also needs to establish a cyber training program for analysts and investigators with officials from several agencies blaming short-term budget allocations from Congress for their training cuts, the audit said.

IRS Breach Bigger than Thought
DoL Security Vulnerable
Series of Attacks: Travel Firms Hacked
United Hack Connects to Attack Group

“We identified vulnerabilities on internal websites at ICE and USSS that may allow unauthorized individuals to gain access to sensitive data,” according to the report by the Office of the Inspector General for DHS.

The websites see action from ICE and Secret Service agents to report investigation statistics, case tracking and information sharing, the report said.

The audit said the 240,000-employee department has made progress in strengthening cyber coordination between agencies and made nine recommendations, which DHS accepted and said it was working to address.

The recommendations come as federal government’s cyber security practices are under intense scrutiny following recent breaches at the Office of Personnel Management, White House, State Department and other agencies.

The report focused on ICE, Secret Service and the National Protection and Programs Directorate, which protects government computers and the nation’s critical infrastructure from cyber attack. Responsibilities of ICE and the Secret Service include money laundering, financial and commercial fraud, bank and credit card fraud and identity theft.

Officials from ICE, NPPD and the Secret Service told investigators the agencies’ ability to conduct proper training programs has been hampered by the stop-gap funding bills Congress has been passing because of its inability to approve yearlong spending in a timely way.

One ICE analyst told investigators he had not attended any formal training in four years, partly because of federal budget cuts known as sequestration, and invested his own time and money for cyber training.

“Without developing the department-wide training program, component personnel may not possess the skills necessary to perform their assigned incident response duties or investigative responsibilities in the event of a cyber attack,” the report said.

The inspector general also said the department needs to develop a strategic plan to coordinate cyber activities and would benefit from automated capability for near real-time incident information sharing.