The Incredibly Dumb Way the Government Is Guarding Top-Secret Data

Federal departments have made themselves pretty easy to hack, says a new report.

National Journal
Alex Brown
Add to Briefcase
Alex Brown
Feb. 4, 2014, 10:46 a.m.

Some of the fed­er­al gov­ern­ment’s most sens­it­ive data are pro­tec­ted by pass­words that wouldn’t pass muster for even the most ba­sic ci­vil­ian email ac­count, ac­cord­ing to a new con­gres­sion­al re­port.

Pass­words like “pass­word,” “qwerty,” and users’ names have left Home­land Se­cur­ity De­part­ment data vul­ner­able, says a re­port re­leased Tues­day by the Re­pub­lic­an staff of the Sen­ate Home­land Se­cur­ity and Gov­ern­ment­al Af­fairs Com­mit­tee.

And the pass­word fiasco, the re­port says, is only the tip of the ice­berg — plenty of oth­er agen­cies have lost sens­it­ive data as well.

The Nuc­le­ar Reg­u­lat­ory Com­mis­sion left nuc­le­ar-plant se­cur­ity de­tails on a shared drive with no pro­tec­tion. Hack­ers swiped In­form­a­tion on the na­tion’s dams — in­clud­ing their weak­nesses and cata­stroph­ic po­ten­tial if breached — from an Army Corps of En­gin­eers data­base.

All that’s too much for Sen. Tom Coburn of Ok­lahoma, the pan­el’s top Re­pub­lic­an. “Weak­nesses in the fed­er­al gov­ern­ment’s own cy­ber­se­cur­ity have put at risk the elec­tric­al grid, our fin­an­cial mar­kets, our emer­gency-re­sponse sys­tems, and our cit­izens’ per­son­al in­form­a­tion,” he said.

So far, the se­cur­ity fail­ings have been more comed­ic than cata­stroph­ic (in one in­stance, hack­ers used the Emer­gency Broad­cast Sys­tem to warn TV view­ers of a zom­bie out­break). But the re­port warned we may not be so lucky in the fu­ture — and the prob­lem ap­pears to be wide­spread:

In ad­di­tion, hack­ers have pen­et­rated, taken con­trol of, caused dam­age to, and/or stolen sens­it­ive per­son­al and of­fi­cial in­form­a­tion from com­puter sys­tems at the De­part­ments of Home­land Se­cur­ity, Justice, De­fense, State, Labor, En­ergy, and Com­merce; NASA; the En­vir­on­ment­al Pro­tec­tion Agency; the Of­fice of Per­son­nel Man­age­ment; the Fed­er­al Re­serve; the Com­mod­ity Fu­tures Trad­ing Com­mis­sion; the Food and Drug Ad­min­is­tra­tion; the U.S. Copy­right Of­fice; and the Na­tion­al Weath­er Ser­vice.

“These are just hacks whose de­tails be­came known to the pub­lic,” the re­port ad­ded.

At the Nuc­le­ar Reg­u­lat­ory Com­mis­sion — re­spons­ible for safe­guard­ing the na­tion’s nuc­le­ar plants — faith in IT is so bad that em­ploy­ees have star­ted buy­ing their own com­puters and set­ting up sep­ar­ate net­works, which cre­ates a whole new series of se­cur­ity con­cerns.

Things aren’t much bet­ter at the De­part­ment of Home­land Se­cur­ity. “To take just one ex­ample, weak­nesses found in the of­fice of the Chief In­form­a­tion Of­ficer for ICE in­cluded 10 pass­words writ­ten down, 15 FOUO (For Of­fi­cial Use Only) doc­u­ments left out, three keys, six un­locked laptops — even two cred­it cards left out,” the re­port stated.

NRC spokes­man Eli­ot Bren­ner said many of that agency’s safety is­sues have already been ad­dressed. All 44 se­cur­ity re­com­mend­a­tions in re­ports cited by the com­mit­tee have been closed or re­solved pending fi­nal im­ple­ment­a­tion, he said. “The NRC takes in­form­a­tion se­cur­ity very ser­i­ously and works con­tinu­ously to­ward im­prove­ments,” Bren­ner said.

What We're Following See More »
WWE WRESTLING OWNER
Trump to Nominate Linda McMahon to Head SBA
9 hours ago
THE LATEST
$6.3 BILLION FOR RESEARCH AND OPIOIDS
Senate Sends Medical Cures Bill to Obama’s Desk
14 hours ago
THE LATEST
HAD CONSIDERED RUNNING FOR GUV IN 2018
Oklahoma AG Pruitt to Get the Nod for EPA Chief
15 hours ago
THE DETAILS
TO BE ANNOUNCED IN COMING DAYS
Trump To Nominate Gen. John Kelly For Homeland Security
18 hours ago
THE LATEST

Donald Trump has chosen Gen. James Kelly to be his secretary of homeland security, making Kelly the third general tapped by Trump to serve in his administration. The official announcement is likely to come in the next couple of days. Kelly, who did not endorse Trump during the campaign, "was the commander of U.S. Southern Command until earlier this year."

Source:
EFFORT LIKELY TO DIE IN COMMITTEE
Jordan Can’t Force a Floor Vote on Impeaching Koskinen
1 days ago
THE LATEST
House Freedom Caucus Chairman Jim Jordan attempted to force a floor vote on impeaching IRS Commissioner John Koskinen, but "the House voted overwhelmingly to refer it to the Judiciary Committee. ... The committee will not be required to take up the resolution." Earlier, House Minority Leader Nancy Pelosi "made a motion to table the resolution, which the House voted against by a 180-235 margin, mostly along party lines."
Source:
×
×

Welcome to National Journal!

You are currently accessing National Journal from IP access. Please login to access this feature. If you have any questions, please contact your Dedicated Advisor.

Login