The Federal Communications Commission mishandled the early part of a cyber-security plan it initiated after a network breach in September 2011, according to a recent report from Congress’s watchdog agency.
An analysis from the Government Accountability Office says sensitive FCC information remains at risk of misuse, improper disclosure and destruction because of deficiencies in the agency’s Enhanced Secured Network project, which is supposed to protect the FCC against future intrusions.
The GAO report, released last week, said that properly securing the agency’s networks may now require “costly and time-consuming rework.”
The White House Office of Management and Budget authorized the FCC to dedicate $10 million toward the cyber-security plan in November 2011, and Congress agreed to the effort in December of that year.
The GAO report did not provide details of the 2011 breach or specify remaining deficiencies in the agency’s network-security system, due to concerns about compromising FCC security.
However, the report said the agency did not take appropriate steps to assess the risks of future attacks or to effectively design and implement new programs to prevent them.
According to the GAO, the FCC’s errors included configuring security tools improperly, using weak encryption methods to protect stored passwords and failing to fully implement its malware system.
“As a result of these and other deficiencies, FCC faces an unnecessary risk that individuals could gain unauthorized access to its sensitive systems and information,” the report said.
FCC officials said the sense of urgency after the 2011 breach pressured them to initiate plans quickly and without fully applying agency policies or best practices, according to the report.
The GAO issued a list of recommendations for the FCC to implement its IT security policies more effectively. According to the report, the agency has concurred with all the recommendations and is taking action to address them.
Cyber-threats are a rapidly growing problem for the government. Data from the Department of Homeland Security shows that the number of security incidents reported by federal agencies skyrocketed from about 5,500 in 2006 to nearly 49,000 in 2012, representing a 780-percent increase.
E-mail firstname.lastname@example.org with news tips and other suggestions.