Audit reveals U.S. Treasury Dept. security infrastructure is weak

Jim Merrifield
Robinson+Cole Data Privacy + Security Insider
Contact
LinkedIn
Facebook
X
Send
Embed

An annual audit conducted by the U.S. Government Accountability Office of the Fiscal Service Bureau, identified (9) nine new information security weaknesses in the U.S. Treasury Department’s information systems that are used to manage sensitive data in connection with federal debt.

It was further reported that although these weaknesses aren’t considered to be significant, the Department must address these information security weaknesses immediately, in order to protect sensitive data from being further compromised or accessed by future hackers.

After all, the Fiscal Service Bureau manages $18.2 billion of the national debt with a number of interconnected financial systems. The electronic data stored in these systems are used to process and track borrowed money and issued securities.

The audit found that the identified risks in connection with these system weaknesses primarily stemmed from individuals who have access to the Fiscal Service internal systems. The audit further revealed that some of these weaknesses may be related to a new ledger system, which was implemented in 2014.

It is important to note that earlier this month, the Office of Personnel Management (OPM) reported that hackers had accessed the personal information of more than 4 million federal employees. It’s known now that the hackers also were able to access security clearance data. Apparently, the OPM has had a history of information security related weaknesses and is still working to address these and other vulnerabilities.

It’s clear that the federal government has its work cut out in relation to securing its technology infrastructure. At present, 11 out of the OPM’s 47 information technology systems are operating without a valid security authorization. This includes two systems responsible for processing background checks and security clearances.

The logical place to start is to find out who in the Fiscal Service Bureau and OPM currently have access to these internal systems, then re-evaluate if all these individuals should have permission to access these systems. The results of this exercise will no doubt be very surprising and eye-opening, but it must be done.

This is a warning example for all of us–whether we work in the federal government or not. After all, every organization deals with sensitive data and can be vulnerable to a security breach at any time. Of course, all organizations would be well served to conduct a security assessment of its current IT infrastructure.

If your organization needs assistance in planning such an assessment, please contact any of the team members here at R+C.

[view source.]

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Robinson+Cole Data Privacy + Security Insider | Attorney Advertising

Written by:

Robinson+Cole Data Privacy + Security Insider
Robinson+Cole Data Privacy + Security Insider
Contact
more
less

Robinson+Cole Data Privacy + Security Insider on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide