Monday, April 23, 2007

The Federal Government in the News

Members of the U.S. House of Representatives Cybersecurity subcommittee recently held a hearing during which serious concerns were raised regarding the security of computers within the State and Commerce departments. The bottom line, according to this article from CNET, is that
21 of 24 major federal agencies had weak or deficient information security controls in place during the last fiscal year, according to audit reports, said Gregory Wilshusen, director of information security issues for the Government Accountability Office.

Troublingly, many of the vulnerabilities can only be described as the result of bad IT practices, such as
failing to replace well-known vendor-supplied passwords on systems to not encrypting sensitive information to not creating adequate audit logs to track activity on their systems.
Of course, it's not at all clear how much the security flaws identified at the hearing even matter, given the federal government's exceptionally lax stance toward data privacy. For example, this article describes how, until recently, the Agriculture Department and Census Bureau were maintaining a publicly accessible database filled with private information, including social security numbers, of people who received loans from the Department of Agriculture. Thus, while threats from cyberterrorists to State Department servers might be significant, they almost seem redundant, given the amount of information which the government makes publicly available, but shouldn't.
