Federal Agencies Ignore Good Security Practice

According to a recent government report, multiple government agencies have demonstrated extremely poor security practices, even while handling sensitive data. While this in itself is not surprising, the sheer vulnerability of our government’s network should concern the entire population of the US.

Several of the included agencies are The Nuclear Regulatory Commission, the FCC, and the Department of Homeland Security.  Security flaws found include: poor or default passwords set, out of date programs and anti-virus definitions, using programs/services that have known security vulnerabilities, not properly implementing any form of physical security (ie. allowing passwords to be written down, allowing government machines to be connected to personal networks), as well as several other unique cases.

Nearly all of the listed vulnerabilities are a direct result from poor training and poor management, rather than complex, directed attacks. With a government that has cyber warfare on it’s mind, at least the most basic steps should be taken to protect the sensitive data that each agency controls. Instead, it appears that multiple agencies within our government have only been able to stumble about and create vulnerabilities, rather than patch them.

Sources :

http://nakedsecurity.sophos.com/2014/02/06/report-shows-us-federal-agencies-are-failing-to-employ-very-basic-security-measures/

http://www.coburn.senate.gov/public/index.cfm?a=Files.Serve&File_id=f1d97a51-aca9-499f-a516-28eb872748c0

Advertisements

One thought on “Federal Agencies Ignore Good Security Practice

  1. This is pretty worrying; the government is big, and there will always be risks with so many workers, but some of the problems listed on the coburn.senate.gov are ridiculous. Saving sensitive information to unsecure network drives? Losing computers? Using “password” and “qwerty” as passwords? You would think computers have been around long enough for common sense to sink in…

    I wonder what the report didn’t cover…

Comments are closed.