The Incredibly Dumb Way the Government Is Guarding Top-Secret Data

Federal departments have made themselves pretty easy to hack, says a new report.

National Journal
Alex Brown
Add to Briefcase
Alex Brown
Feb. 4, 2014, 10:46 a.m.

Some of the fed­er­al gov­ern­ment’s most sens­it­ive data are pro­tec­ted by pass­words that wouldn’t pass muster for even the most ba­sic ci­vil­ian email ac­count, ac­cord­ing to a new con­gres­sion­al re­port.

Pass­words like “pass­word,” “qwerty,” and users’ names have left Home­land Se­cur­ity De­part­ment data vul­ner­able, says a re­port re­leased Tues­day by the Re­pub­lic­an staff of the Sen­ate Home­land Se­cur­ity and Gov­ern­ment­al Af­fairs Com­mit­tee.

And the pass­word fiasco, the re­port says, is only the tip of the ice­berg — plenty of oth­er agen­cies have lost sens­it­ive data as well.

The Nuc­le­ar Reg­u­lat­ory Com­mis­sion left nuc­le­ar-plant se­cur­ity de­tails on a shared drive with no pro­tec­tion. Hack­ers swiped In­form­a­tion on the na­tion’s dams — in­clud­ing their weak­nesses and cata­stroph­ic po­ten­tial if breached — from an Army Corps of En­gin­eers data­base.

All that’s too much for Sen. Tom Coburn of Ok­lahoma, the pan­el’s top Re­pub­lic­an. “Weak­nesses in the fed­er­al gov­ern­ment’s own cy­ber­se­cur­ity have put at risk the elec­tric­al grid, our fin­an­cial mar­kets, our emer­gency-re­sponse sys­tems, and our cit­izens’ per­son­al in­form­a­tion,” he said.

So far, the se­cur­ity fail­ings have been more comed­ic than cata­stroph­ic (in one in­stance, hack­ers used the Emer­gency Broad­cast Sys­tem to warn TV view­ers of a zom­bie out­break). But the re­port warned we may not be so lucky in the fu­ture — and the prob­lem ap­pears to be wide­spread:

In ad­di­tion, hack­ers have pen­et­rated, taken con­trol of, caused dam­age to, and/or stolen sens­it­ive per­son­al and of­fi­cial in­form­a­tion from com­puter sys­tems at the De­part­ments of Home­land Se­cur­ity, Justice, De­fense, State, Labor, En­ergy, and Com­merce; NASA; the En­vir­on­ment­al Pro­tec­tion Agency; the Of­fice of Per­son­nel Man­age­ment; the Fed­er­al Re­serve; the Com­mod­ity Fu­tures Trad­ing Com­mis­sion; the Food and Drug Ad­min­is­tra­tion; the U.S. Copy­right Of­fice; and the Na­tion­al Weath­er Ser­vice.

“These are just hacks whose de­tails be­came known to the pub­lic,” the re­port ad­ded.

At the Nuc­le­ar Reg­u­lat­ory Com­mis­sion — re­spons­ible for safe­guard­ing the na­tion’s nuc­le­ar plants — faith in IT is so bad that em­ploy­ees have star­ted buy­ing their own com­puters and set­ting up sep­ar­ate net­works, which cre­ates a whole new series of se­cur­ity con­cerns.

Things aren’t much bet­ter at the De­part­ment of Home­land Se­cur­ity. “To take just one ex­ample, weak­nesses found in the of­fice of the Chief In­form­a­tion Of­ficer for ICE in­cluded 10 pass­words writ­ten down, 15 FOUO (For Of­fi­cial Use Only) doc­u­ments left out, three keys, six un­locked laptops — even two cred­it cards left out,” the re­port stated.

NRC spokes­man Eli­ot Bren­ner said many of that agency’s safety is­sues have already been ad­dressed. All 44 se­cur­ity re­com­mend­a­tions in re­ports cited by the com­mit­tee have been closed or re­solved pending fi­nal im­ple­ment­a­tion, he said. “The NRC takes in­form­a­tion se­cur­ity very ser­i­ously and works con­tinu­ously to­ward im­prove­ments,” Bren­ner said.

What We're Following See More »
SAYS HIS DEATH STEMMED FROM A FISTFIGHT
Saudis Admit Khashoggi Killed in Embassy
17 hours ago
THE LATEST

"Saudi Arabia said Saturday that Jamal Khashoggi, the dissident Saudi journalist who disappeared more than two weeks ago, had died after an argument and fistfight with unidentified men inside the Saudi Consulate in Istanbul. Eighteen men have been arrested and are being investigated in the case, Saudi state-run media reported without identifying any of them. State media also reported that Maj. Gen. Ahmed al-Assiri, the deputy director of Saudi intelligence, and other high-ranking intelligence officials had been dismissed."

Source:
ROGER STONE IN THE CROSSHAIRS?
Mueller Looking into Ties Between WikiLeaks, Conservative Groups
17 hours ago
THE LATEST

"Special counsel Robert Mueller’s investigation is scrutinizing how a collection of activists and pundits intersected with WikiLeaks, the website that U.S. officials say was the primary conduit for publishing materials stolen by Russia, according to people familiar with the matter. Mr. Mueller’s team has recently questioned witnesses about the activities of longtime Trump confidante Roger Stone, including his contacts with WikiLeaks, and has obtained telephone records, according to the people familiar with the matter."

Source:
PROBING COLLUSION AND OBSTRUCTION
Mueller To Release Key Findings After Midterms
17 hours ago
THE LATEST

"Special Counsel Robert Mueller is expected to issue findings on core aspects of his Russia probe soon after the November midterm elections ... Specifically, Mueller is close to rendering judgment on two of the most explosive aspects of his inquiry: whether there were clear incidents of collusion between Russia and Donald Trump’s 2016 campaign, and whether the president took any actions that constitute obstruction of justice." Mueller has faced pressure to wrap up the investigation from Deputy Attorney General Rod Rosenstein, said an official, who would receive the results of the investigation and have "some discretion in deciding what is relayed to Congress and what is publicly released," if he remains at his post.

Source:
PASSED ON SO-CALLED "SAR" REPORTS
FinCen Official Charged with Leaking Info on Manafort, Gates
17 hours ago
THE DETAILS
"A senior official working for the Treasury Department's Financial Crimes Enforcement Network (FinCEN) has been charged with leaking confidential financial reports on former Trump campaign advisers Paul Manafort, Richard Gates and others to a media outlet. Prosecutors say that Natalie Mayflower Sours Edwards, a senior adviser to FinCEN, photographed what are called suspicious activity reports, or SARs, and other sensitive government files and sent them to an unnamed reporter, in violation of U.S. law."
Source:
FIRST CHARGE FOR MIDTERMS
DOJ Charges Russian For Meddling In 2018 Midterms
17 hours ago
THE LATEST

"The Justice Department on Friday charged a Russian woman for her alleged role in a conspiracy to interfere with the 2018 U.S. election, marking the first criminal case prosecutors have brought against a foreign national for interfering in the upcoming midterms. Elena Khusyaynova, 44, was charged with conspiracy to defraud the United States. Prosecutors said she managed the finances of 'Project Lakhta,' a foreign influence operation they said was designed 'to sow discord in the U.S. political system' by pushing arguments and misinformation online about a host of divisive political issues, including immigration, the Confederate flag, gun control and the National Football League national-anthem protests."

Source:
×
×

Welcome to National Journal!

You are currently accessing National Journal from IP access. Please login to access this feature. If you have any questions, please contact your Dedicated Advisor.

Login