Federal Agency Audits Show Cyber Vulnerabilities
The U.S. Environmental Protection Agency is lagging behind on cybersecurity, according to a recent report published by the Government Accountability Office.
Released Monday, the 41-page report claims EPA, which houses a wealth of the nation’s environmental data, failed to update and secure several of its networks, devices, software and systems.
“The agency did not fully implement access controls, which are designed to prevent, limit and detect unauthorized access to computing resources, programs, information and facilities,” noted the GAO report.
As a result, the GAO said EPA was “jeopardizing the agency’s ability to sufficiently protect the confidentiality, integrity and availability of its information and systems.”
Under the Federal Information Security Management Act (FISMA), each agency is required to establish and implement an information security program, assessing risks and creating policies and procedures to secure federal systems.
While EPA does have a FISMA-based plan in place, the GAO said it had “not yet fully implemented its agency-wide information security program to ensure that controls are appropriately designed and operating effectively.”
And as EPA digests the lashing and its list of recommendations, another agency is also catching heat for its cyber vulnerabilities.
According to the NASA Office of Inspector General (OIG), the space agency’s Security Operations Center (SOC), which heads up IT security, had failed to monitor all of NASA’s computer networks.
“Even though networks we reviewed had their own incident management program that included network monitoring… the networks’ management programs do not provide the centralized continuous monitoring coverage afforded by the SOC,” advised the OIG in a brief overview of the classified cyber audit.
While the OIG’s cybersecurity recommendations were not disclosed in the report, the inspector general’s office said Linda Cureton, the agency’s chief information officer, had reviewed the plan and was prepared put its new procedures into place.
Following are some additional cyber headlines you may have missed:
Former White House cybersecurity official joins security start-up (New York Times)
DHS teams with Girl Scouts on Cyber awareness campaign (Government Security News)
Google ups bug bounties amid booming exploit market (InformationWeek)
Cyber attack using PDFs targets industries (Government Security News)
Did the cyber war just expand to banks and neutral states? (The Atlantic)
The myth of the aging hacker and how to fight it (Huffington Post)
Canadian government and telecom firm mum about cybersecurity failure (Postmedia News)
India caught in crossfire of global cyber war (Times of India)
Cyber attack exposes UK children’s private record (The Telegraph)
This report is also featured on ClearanceJobs.com at: http://www.clearancejobs.com/defense-news/835/cybersecurity-news-round-up-federal-agency-audits-show-cyber-vulnerabilities