A US Senate probe has once again outlined the woeful state of computer and information security within Uncle Sam's civil service.
A committee report (PDF) examining a decade of internal audits this week concluded that outdated systems, unpatched software, and weak data protection are so widespread that it's clear American bureaucrats fail to meet even basic security requirements.
To produce this damning dossiers[sic], the Senate's Permanent Subcommittee on Investigations pored over a decade of findings from inspector-general-led probes into information security practices within the Department of Homeland Security, State Department, Department of Transportation, Department of Housing and Urban Development, Department of Agriculture, Department of Health and Human Services, Department of Education, and the Social Security Administration.
Of those eight organizations, seven were found to be unable to adequately protect personally identifiable information stored on their systems, six were unable to properly patch their systems against security threats, five were in violation of IT asset inventory-keeping requirements, and all eight were using either hardware or software that had been retired by the vendor and was no longer supported.
"Despite major data breaches like OPM, the federal government remains unprepared to confront the dynamic cyber threats of today," the report noted.
"The longstanding cyber vulnerabilities consistently highlighted by Inspectors General illustrate the federal government's failure to meet basic cybersecurity standards to protect sensitive data."
(Score: 2) by JoeMerchant on Wednesday June 26 2019, @02:23PM
And managed by ordinary human beings, too.
Just declaring a top-down mandate that "we're going to follow security best practices, now" does virtually nothing.
You can drive security practices into a workplace culture, but it's like any other cultural shift, and government workers/organizations don't have the most stellar track record as a group who makes the best efforts to excel at their jobs.
🌻🌻 [google.com]