Some of the federal government’s most sensitive data are protected by passwords that wouldn’t pass muster for even the most basic civilian email account, according to a new congressional report.
Passwords like “password,” “qwerty,” and users’ names have left Homeland Security Department data vulnerable, says a report released Tuesday by the Republican staff of the Senate Homeland Security and Governmental Affairs Committee.
And the password fiasco, the report says, is only the tip of the iceberg — plenty of other agencies have lost sensitive data as well.
The Nuclear Regulatory Commission left nuclear-plant security details on a shared drive with no protection. Hackers swiped Information on the nation’s dams — including their weaknesses and catastrophic potential if breached — from an Army Corps of Engineers database.
All that’s too much for Sen. Tom Coburn of Oklahoma, the panel’s top Republican. “Weaknesses in the federal government’s own cybersecurity have put at risk the electrical grid, our financial markets, our emergency-response systems, and our citizens’ personal information,” he said.
So far, the security failings have been more comedic than catastrophic (in one instance, hackers used the Emergency Broadcast System to warn TV viewers of a zombie outbreak). But the report warned we may not be so lucky in the future — and the problem appears to be widespread:
In addition, hackers have penetrated, taken control of, caused damage to, and/or stolen sensitive personal and official information from computer systems at the Departments of Homeland Security, Justice, Defense, State, Labor, Energy, and Commerce; NASA; the Environmental Protection Agency; the Office of Personnel Management; the Federal Reserve; the Commodity Futures Trading Commission; the Food and Drug Administration; the U.S. Copyright Office; and the National Weather Service.
“These are just hacks whose details became known to the public,” the report added.
At the Nuclear Regulatory Commission — responsible for safeguarding the nation’s nuclear plants — faith in IT is so bad that employees have started buying their own computers and setting up separate networks, which creates a whole new series of security concerns.
Things aren’t much better at the Department of Homeland Security. “To take just one example, weaknesses found in the office of the Chief Information Officer for ICE included 10 passwords written down, 15 FOUO (For Official Use Only) documents left out, three keys, six unlocked laptops — even two credit cards left out,” the report stated.
NRC spokesman Eliot Brenner said many of that agency’s safety issues have already been addressed. All 44 security recommendations in reports cited by the committee have been closed or resolved pending final implementation, he said. “The NRC takes information security very seriously and works continuously toward improvements,” Brenner said.
What We're Following See More »
"Saudi Arabia said Saturday that Jamal Khashoggi, the dissident Saudi journalist who disappeared more than two weeks ago, had died after an argument and fistfight with unidentified men inside the Saudi Consulate in Istanbul. Eighteen men have been arrested and are being investigated in the case, Saudi state-run media reported without identifying any of them. State media also reported that Maj. Gen. Ahmed al-Assiri, the deputy director of Saudi intelligence, and other high-ranking intelligence officials had been dismissed."
"Special counsel Robert Mueller’s investigation is scrutinizing how a collection of activists and pundits intersected with WikiLeaks, the website that U.S. officials say was the primary conduit for publishing materials stolen by Russia, according to people familiar with the matter. Mr. Mueller’s team has recently questioned witnesses about the activities of longtime Trump confidante Roger Stone, including his contacts with WikiLeaks, and has obtained telephone records, according to the people familiar with the matter."
"Special Counsel Robert Mueller is expected to issue findings on core aspects of his Russia probe soon after the November midterm elections ... Specifically, Mueller is close to rendering judgment on two of the most explosive aspects of his inquiry: whether there were clear incidents of collusion between Russia and Donald Trump’s 2016 campaign, and whether the president took any actions that constitute obstruction of justice." Mueller has faced pressure to wrap up the investigation from Deputy Attorney General Rod Rosenstein, said an official, who would receive the results of the investigation and have "some discretion in deciding what is relayed to Congress and what is publicly released," if he remains at his post.
"The Justice Department on Friday charged a Russian woman for her alleged role in a conspiracy to interfere with the 2018 U.S. election, marking the first criminal case prosecutors have brought against a foreign national for interfering in the upcoming midterms. Elena Khusyaynova, 44, was charged with conspiracy to defraud the United States. Prosecutors said she managed the finances of 'Project Lakhta,' a foreign influence operation they said was designed 'to sow discord in the U.S. political system' by pushing arguments and misinformation online about a host of divisive political issues, including immigration, the Confederate flag, gun control and the National Football League national-anthem protests."