21 of 24 major federal agencies had weak or deficient information security controls in place during the last fiscal year, according to audit reports, said Gregory Wilshusen, director of information security issues for the Government Accountability Office.
Troublingly, many of the vulnerabilities can only be described as the result of bad IT practices, ranging from failing to replace well-known vendor-supplied passwords on systems, to not encrypting sensitive information, to not creating adequate audit logs to track activity on their systems.
Of course, it's not at all clear how much the security flaws identified at the hearing even matter, given the federal government's exceptionally lax stance toward data privacy. For example, this article describes how, until recently, the Agriculture Department and Census Bureau were maintaining a publicly accessible database filled with private information, including Social Security numbers, of people who received loans from the Department of Agriculture. Thus, while threats from cyberterrorists against State Department servers might be significant, they almost seem redundant, given the amount of information that the government makes publicly available but shouldn't.