Some of the federal government’s most sensitive data are protected by passwords that wouldn’t pass muster for even the most basic civilian email account, according to a new congressional report.
Passwords like “password,” “qwerty,” and users’ names have left Homeland Security Department data vulnerable, says a report released Tuesday by the Republican staff of the Senate Homeland Security and Governmental Affairs Committee.
And the password fiasco, the report says, is only the tip of the iceberg — plenty of other agencies have lost sensitive data as well.
The Nuclear Regulatory Commission left nuclear-plant security details on a shared drive with no protection. Hackers swiped information on the nation’s dams — including their weaknesses and catastrophic potential if breached — from an Army Corps of Engineers database.
All that’s too much for Sen. Tom Coburn of Oklahoma, the panel’s top Republican. “Weaknesses in the federal government’s own cybersecurity have put at risk the electrical grid, our financial markets, our emergency-response systems, and our citizens’ personal information,” he said.
So far, the security failings have been more comedic than catastrophic (in one instance, hackers used the Emergency Broadcast System to warn TV viewers of a zombie outbreak). But the report warned we may not be so lucky in the future — and the problem appears to be widespread:
In addition, hackers have penetrated, taken control of, caused damage to, and/or stolen sensitive personal and official information from computer systems at the Departments of Homeland Security, Justice, Defense, State, Labor, Energy, and Commerce; NASA; the Environmental Protection Agency; the Office of Personnel Management; the Federal Reserve; the Commodity Futures Trading Commission; the Food and Drug Administration; the U.S. Copyright Office; and the National Weather Service.
“These are just hacks whose details became known to the public,” the report added.
At the Nuclear Regulatory Commission — responsible for safeguarding the nation’s nuclear plants — faith in IT is so low that employees have started buying their own computers and setting up separate networks, which creates a whole new series of security concerns.
Things aren’t much better at the Department of Homeland Security. “To take just one example, weaknesses found in the office of the Chief Information Officer for ICE included 10 passwords written down, 15 FOUO (For Official Use Only) documents left out, three keys, six unlocked laptops — even two credit cards left out,” the report stated.
NRC spokesman Eliot Brenner said many of that agency’s safety issues have already been addressed. All 44 security recommendations in reports cited by the committee have been closed or resolved pending final implementation, he said. “The NRC takes information security very seriously and works continuously toward improvements,” Brenner said.