The Incredibly Dumb Way the Government Is Guarding Top-Secret Data

Federal departments have made themselves pretty easy to hack, says a new report.

National Journal
Alex Brown
Add to Briefcase
Alex Brown
Feb. 4, 2014, 10:46 a.m.

Some of the fed­er­al gov­ern­ment’s most sens­it­ive data are pro­tec­ted by pass­words that wouldn’t pass muster for even the most ba­sic ci­vil­ian email ac­count, ac­cord­ing to a new con­gres­sion­al re­port.

Pass­words like “pass­word,” “qwerty,” and users’ names have left Home­land Se­cur­ity De­part­ment data vul­ner­able, says a re­port re­leased Tues­day by the Re­pub­lic­an staff of the Sen­ate Home­land Se­cur­ity and Gov­ern­ment­al Af­fairs Com­mit­tee.

And the pass­word fiasco, the re­port says, is only the tip of the ice­berg — plenty of oth­er agen­cies have lost sens­it­ive data as well.

The Nuc­le­ar Reg­u­lat­ory Com­mis­sion left nuc­le­ar-plant se­cur­ity de­tails on a shared drive with no pro­tec­tion. Hack­ers swiped In­form­a­tion on the na­tion’s dams — in­clud­ing their weak­nesses and cata­stroph­ic po­ten­tial if breached — from an Army Corps of En­gin­eers data­base.

All that’s too much for Sen. Tom Coburn of Ok­lahoma, the pan­el’s top Re­pub­lic­an. “Weak­nesses in the fed­er­al gov­ern­ment’s own cy­ber­se­cur­ity have put at risk the elec­tric­al grid, our fin­an­cial mar­kets, our emer­gency-re­sponse sys­tems, and our cit­izens’ per­son­al in­form­a­tion,” he said.

So far, the se­cur­ity fail­ings have been more comed­ic than cata­stroph­ic (in one in­stance, hack­ers used the Emer­gency Broad­cast Sys­tem to warn TV view­ers of a zom­bie out­break). But the re­port warned we may not be so lucky in the fu­ture — and the prob­lem ap­pears to be wide­spread:

In ad­di­tion, hack­ers have pen­et­rated, taken con­trol of, caused dam­age to, and/or stolen sens­it­ive per­son­al and of­fi­cial in­form­a­tion from com­puter sys­tems at the De­part­ments of Home­land Se­cur­ity, Justice, De­fense, State, Labor, En­ergy, and Com­merce; NASA; the En­vir­on­ment­al Pro­tec­tion Agency; the Of­fice of Per­son­nel Man­age­ment; the Fed­er­al Re­serve; the Com­mod­ity Fu­tures Trad­ing Com­mis­sion; the Food and Drug Ad­min­is­tra­tion; the U.S. Copy­right Of­fice; and the Na­tion­al Weath­er Ser­vice.

“These are just hacks whose de­tails be­came known to the pub­lic,” the re­port ad­ded.

At the Nuc­le­ar Reg­u­lat­ory Com­mis­sion — re­spons­ible for safe­guard­ing the na­tion’s nuc­le­ar plants — faith in IT is so bad that em­ploy­ees have star­ted buy­ing their own com­puters and set­ting up sep­ar­ate net­works, which cre­ates a whole new series of se­cur­ity con­cerns.

Things aren’t much bet­ter at the De­part­ment of Home­land Se­cur­ity. “To take just one ex­ample, weak­nesses found in the of­fice of the Chief In­form­a­tion Of­ficer for ICE in­cluded 10 pass­words writ­ten down, 15 FOUO (For Of­fi­cial Use Only) doc­u­ments left out, three keys, six un­locked laptops — even two cred­it cards left out,” the re­port stated.

NRC spokes­man Eli­ot Bren­ner said many of that agency’s safety is­sues have already been ad­dressed. All 44 se­cur­ity re­com­mend­a­tions in re­ports cited by the com­mit­tee have been closed or re­solved pending fi­nal im­ple­ment­a­tion, he said. “The NRC takes in­form­a­tion se­cur­ity very ser­i­ously and works con­tinu­ously to­ward im­prove­ments,” Bren­ner said.

What We're Following See More »
“CLEAN REPEAL”
Senate Votes Down Repeal without Replace
4 hours ago
THE LATEST
SECOND QUARTER OF SALARY
Trump to Donate $100,000 to Dept. of Education
4 hours ago
THE LATEST
HEADED TO INPATIENT REHAB
Scalise Released From Hospital
8 hours ago
THE LATEST
AMDIST TRUMP’S CRITICISM
Session to Annouce Leak Investigations
10 hours ago
THE LATEST

The stand off between President Trump and A.G. Sessions is escalating. But Sessions is standing his ground and getting work done. "Officials said Sessions is due to announce in coming days a number of criminal leak investigations based on news accounts of sensitive intelligence information. And within hours of Trump’s public broadside, the Justice Department announced it would change a police funding program to add new requirements that cities help federal agents find undocumented immigrants to receive grants."

Source:
“DIALOGUE IMPOSSIBLE”
Russia Ready to Retaliate for New Sanctions
11 hours ago
THE LATEST

"Russia threatened to retaliate against new sanctions passed by the U.S. House of Representatives, saying they made it all but impossible to achieve the Trump administration’s goal of improved relations." Konstantin Kosachyov, chairman of the international affairs committee in Russia’s upper house of parliament, said hope “is dying” for improved relations because the scale of “the anti-Russian consensus in Congress makes dialogue impossible and for a long time." The bill passed with only three "no" votes.

Source:
×
×

Welcome to National Journal!

You are currently accessing National Journal from IP access. Please login to access this feature. If you have any questions, please contact your Dedicated Advisor.

Login