The Washington Post

FCC botched cyber-security planning after breach, report says

(Rick Wilking/Reuters) (Rick Wilking — Reuters)

The Federal Communications Commission mishandled the early part of a cyber-security plan it initiated after a network breach in September 2011, according to a recent report from Congress’s watchdog agency.

An analysis from the Government Accountability Office says sensitive FCC information remains at risk of misuse, improper disclosure and destruction because of deficiencies in the agency’s Enhanced Secured Network project, which is supposed to protect the FCC against future intrusions.

The GAO report, released last week, said that properly securing the agency’s networks may now require “costly and time-consuming rework.”

The White House Office of Management and Budget authorized the FCC to dedicate $10 million toward the cyber-security plan in November 2011, and Congress agreed to the effort in December of that year.

The GAO report did not provide details of the 2011 breach or specify remaining deficiencies in the agency’s network-security system, due to concerns about compromising FCC security.

However, the report said the agency did not take appropriate steps to assess the risks of future attacks or to effectively design and implement new programs to prevent them.

According to the GAO, the FCC’s errors included configuring security tools improperly, using weak encryption methods to protect stored passwords and failing to fully implement its malware system.

“As a result of these and other deficiencies, FCC faces an unnecessary risk that individuals could gain unauthorized access to its sensitive systems and information,” the report said.

FCC officials said the sense of urgency after the 2011 breach pressured them to initiate plans quickly and without fully applying agency policies or best practices, according to the report.

The GAO issued a list of recommendations for the FCC to implement its IT security policies more effectively. According to the report, the agency has concurred with all the recommendations and is taking action to address them.

Cyber-threats are a rapidly growing problem for the government. Data from the Department of Homeland Security shows that the number of security incidents reported by federal agencies skyrocketed from about 5,500 in 2006 to nearly 49,000 in 2012, representing a 780-percent increase.

E-mail with news tips and other suggestions.

For more federal news, visit The Federal Eye, The Fed Page and Post Politics.

Follow Josh Hicks on Twitter or subscribe his Facebook page.

Josh Hicks covers Maryland politics and government. He previously anchored the Post’s Federal Eye blog, focusing on federal accountability and workforce issues.



Success! Check your inbox for details. You might also like:

Please enter a valid email address

See all newsletters

Show Comments
Most Read



Success! Check your inbox for details.

See all newsletters

Your Three. Videos curated for you.
Play Videos
From clubfoot to climbing: Double amputee lives life of adventure
Learn to make traditional soup dumplings
In defense of dads
Play Videos
How to make head cheese
Perks of private flying
The rise and fall of baseball cards
Play Videos
Husband finds love, loss in baseball
New hurdles for a Maryland tradition
How to survive a shark attack
Play Videos
Portland's most important meal of the day
What you need to know about Legionnaires' disease
How to save and spend money at college
Next Story
Joe Davidson · February 5, 2013

To keep reading, please enter your email address.

You’ll also receive from The Washington Post:
  • A free 6-week digital subscription
  • Our daily newsletter in your inbox

Please enter a valid email address

I have read and agree to the Terms of Service and Privacy Policy.

Please indicate agreement.

Thank you.

Check your inbox. We’ve sent an email explaining how to set up an account and activate your free digital subscription.