This article I read was about the Nevada Department of Corrections. They were audited a couple weeks backs and auditors found that they were not updating their system’s security. It was found that over 211 desktop systems there had not had system upgrades in months and one prison indicated that the equipment there had not been upgraded since 2010.
This is a fairly long time, though it seems that a majority of companies have not been updating their systems, leaving vulnerabilities open for hackers to exploit. The state put in standards for virus protection on their computers and some boxes didn’t even meet this standard.
The auditors say that the department needs more controls to make sure that things such as sensitive information stored in photocopiers are erased. Luckily since this audit, they have been working on correcting the problems in their systems.
Link:
http://www.rgj.com/story/news/2014/04/30/nevada-audit-cites-lax-prison-computer-security/8510289/
RIT Cyber Security Policy and Law Class Blog 
Were these computers being used by the inmates, or were they part of the infrastructure of the prison? I might be able to understand if the computers were on a closed network and basically had no connection to the outside world. An insecure computer would be just as safe as an up to date one in that case
I think the prison may have had a program in place for the criminals to learn to hack (on a level better than RIT teaches). So that way when they are released they can move to cyber crime.
I still think that these computers should always receive updates, even if they were being used in a close network or by inmates. The article said there is sensitive information in this network (using photocopiers) and they should be even more careful to keep the network safe in this case.
You’d think a prison would have some idea of the importance of security…but I suppose computers aren’t high on their priority list. Everything should still be secured though, especially since they’re often dealing with sensitive information. People have a habit of connecting things to networks they shouldn’t…
yeah, cause the prison usb drive black market is a booming business, right? Seriously though, do police like bring their own computers to the prison if they have like a night shit or something? That could be a potential threat to the system
I don’t think so. I would hope the guard doesn’t bring his/her own laptop for personal recreation. They need to be beating the prisoners in staring contests and showing them that guards aren’t scrubs with guns.
Computer security is widely ignored so its not surprising in the least. Im not sure its that big of deal depending on what infomation is on the computer and what you can actaully do with it
It’s sad to say that I’m not surprised to hear about this. This was just one state department that happened to be audited. Think of all the other companies and departments which haven’t been audited and are likely in the same situation.
To be fair, the reason this is in the news is because it’s noteworthy. Prisons get audited enough such that normally vulnerabilities are caught, at least I’d think. You don’t really hear about prisons getting hacked, but then again I don’t think the news companies would want you to hear about that.
I agree, there are so many vulnerabilities out there, and computers that are lacking critical updates. Now, it might not matter since they were all probably running XP (or maybe WIn 98)
I wonder what sensitive data is at risk from this. At least they’re not running Vista.
Nothing important, who cares if you steal the identity of a hardcore gang banger. At least you could live the thug life
It’s so easy to update i don’t understand why they weren’t doing it
I agree it is easy to do. However, there are a lot of people that don’t have basic computer skills.
Clearly because the prison knew that XP wouldn’t be supported at some point in the future, so it wasn’t worth the time.
Prisons also do not get a lot when it comes to money, they are just like the public school systems. They only spend money on what they think is really necessary and most of the time technology and computers are not on that list
Do you think prisons should have access to computers and all the of the internet’s infinite wisdom?
I think that since it’s only the computers the prisoners use, it’s not a huge deal. As long as the computers aren’t networked to crucial databases or sensitive computers.
I dont really know what prisoners would use a computer for.
Minesweeper ?
Even if these computers where not apart of the prisons network do you think they chould have access to this type of resource?
Even if these, computers are limited in connectivity, these computers should be protected. In my opinion a prison should be secure in all senses of the word, and in this day and age cyber security cannot be neglected, especially if its own inmates are being taught how to hack/program.
Here’s an interesting take off of that idea: what if we taught prisoners how to hack? We could have the largest group of hackers in the world. With the number of people currently incarcerated, we could make the world’s first “human botnet.”