Some of the federal government’s most sensitive data are protected by passwords that wouldn’t pass muster for even the most basic civilian email account, according to a new congressional report.
Passwords like “password,” “qwerty,” and users’ names have left Homeland Security Department data vulnerable, says a report released Tuesday by the Republican staff of the Senate Homeland Security and Governmental Affairs Committee.
And the password fiasco, the report says, is only the tip of the iceberg — plenty of other agencies have lost sensitive data as well.
The Nuclear Regulatory Commission left nuclear-plant security details on a shared drive with no protection. Hackers swiped Information on the nation’s dams — including their weaknesses and catastrophic potential if breached — from an Army Corps of Engineers database.
All that’s too much for Sen. Tom Coburn of Oklahoma, the panel’s top Republican. “Weaknesses in the federal government’s own cybersecurity have put at risk the electrical grid, our financial markets, our emergency-response systems, and our citizens’ personal information,” he said.
So far, the security failings have been more comedic than catastrophic (in one instance, hackers used the Emergency Broadcast System to warn TV viewers of a zombie outbreak). But the report warned we may not be so lucky in the future — and the problem appears to be widespread:
In addition, hackers have penetrated, taken control of, caused damage to, and/or stolen sensitive personal and official information from computer systems at the Departments of Homeland Security, Justice, Defense, State, Labor, Energy, and Commerce; NASA; the Environmental Protection Agency; the Office of Personnel Management; the Federal Reserve; the Commodity Futures Trading Commission; the Food and Drug Administration; the U.S. Copyright Office; and the National Weather Service.
“These are just hacks whose details became known to the public,” the report added.
At the Nuclear Regulatory Commission — responsible for safeguarding the nation’s nuclear plants — faith in IT is so bad that employees have started buying their own computers and setting up separate networks, which creates a whole new series of security concerns.
Things aren’t much better at the Department of Homeland Security. “To take just one example, weaknesses found in the office of the Chief Information Officer for ICE included 10 passwords written down, 15 FOUO (For Official Use Only) documents left out, three keys, six unlocked laptops — even two credit cards left out,” the report stated.
NRC spokesman Eliot Brenner said many of that agency’s safety issues have already been addressed. All 44 security recommendations in reports cited by the committee have been closed or resolved pending final implementation, he said. “The NRC takes information security very seriously and works continuously toward improvements,” Brenner said.
What We're Following See More »
"Even as he acknowledged the importance of an open internet, FCC Chairman Ajit Pai on Wednesday set his telecom agency on a course to scrap the tough, broad net neutrality protections imposed by the Obama administration. During a major speech in Washington, D.C., Pai outlined the need for a total revision of existing federal rules that seek to prevent companies like AT&T, Charter, Comcast and Verizon from blocking or slowing down web content, including the movie or music offerings from their competitors." Separately, Pai told Reason's Nick Gillespie that the Clinton Administration "basically got it right when it came to digital infrastructure. We were not living in a digital dystopia in the years leading up to 2015."
The White House on Wednesday laid out its plan for tax reform, with Treasury Secretary Steven Mnuchin saying it would be "the biggest tax cut and the largest tax reform in the history of our country." The tax code would be broken down into just three tax brackets, with the highest personal income tax rate cut from 39.6 percent to 35 percent. The plan would also slash the tax rate on corporations and small businesses from 35 percent to 15 percent. "The White House plan is a set of principles with few details, but it’s designed to be the starting point of a major push to urge Congress to pass a comprehensive tax reform package this year," said National Economic Council Director Gary Cohn.
U.S. Immigration and Customs Enforcement today established the Victims of Immigration Crime Engagement (VOICE), as called for in a presidential executive order from January. The new office's website states that its staff "will be guided by a singular, straightforward mission—to ensure victims and their families have access to releasable information about a perpetrator and to offer assistance explaining the immigration removal process."