The Department of Homeland Security has failed to follow many of its own cybersecurity policies, exposing the agency’s networks to unnecessary risks, according to federal auditors.
An inspector general’s report last month faulted the department for using outdated security controls and Internet connections that are not verified as trustworthy, as well as for not reviewing its “top secret” information systems for vulnerabilities.
Sen. Tom Coburn (R-Okla.), the top Republican on the Senate Homeland Security and Governmental Affairs Committee, blasted the department for the findings Monday.
“This report shows major gaps in DHS’s own cybersecurity, including some of the most basic protections that would be obvious to a 13-year-old with a laptop,” Coburn said in a statement. “We spend billions of taxpayer dollars on federal information technology every year. It is inexcusable to put the safety and security of our nation and its citizens at risk in this manner.”
Overall, auditors found that Homeland Security has improved its information-security program, in part by streamlining its risk-management system and addressing some of the Obama administration’s cybersecurity priorities. But they said some of the department’s components “are still not executing all of the department’s policies, procedures and practices.”
Homeland Security spokesman S.Y. Lee noted that the department agreed with and has already begun implementing all five of the inspector general’s recommendations, which included proposals to conduct reviews of “top secret” systems and ensure baseline security settings for all workstations and servers.
“The Department of Homeland Security continues to improve and strengthen our capabilities to address the cyber risks associated with our critical information networks and systems,” Lee said.
Sen. Tom Carper, who chairs the Homeland Security committee, applauded the department for its progress but said more work needs to be done. He promised to work with Coburn and other lawmakers in the House and Senate on bipartisan legislation to address the nation’s cyber threats.
“As the number of cyber-related attacks and information breaches continue to grow, it is critical that our federal agencies do all that they can to protect their systems and to ensure that sensitive information is properly secured,” Carper said in a statement.
Follow Josh Hicks on Twitter, Facebook or Google+. Connect by e-mail at firstname.lastname@example.org. Visit The Federal Eye, The Fed Page and Post Politics for more federal news. E-mail email@example.com with news tips and other suggestion.