Wednesday, 5 August 2015

Labor Department Ignores Years Of Cybersecurity Warnings

Another federal agency has ignored years of watchdog warnings to strengthen its cybersecurity measures and keep hackers from gaining access to sensitive personal and official data.

The Department of Labor has disregarded 11 warnings from its inspector general since 2010 that too many employees have unfettered access to digital systems containing sensitive information, the watchdog reported Tuesday.

The IG also said it told the department eight times during the same period that contractors operating the digital systems need tighter scrutiny and four times that the department’s cybersecurity patches aren’t updated frequently enough.

“This trend of recurring deficiencies is indicative of systemic issues that require an overall strengthening of DOL’s information security program to prevent future occurrences,” the IG said.

Effective cybersecurity is especially important for the labor department, as the agency houses confidential information such as federal employee disability benefits records, Occupational Safety and Health Administration reports and union financial reports.

While the department has made improvements since 2010, “audits continue to identify similar deficiencies in information security,” the report said. “Moving forward, DOL needs to focus its efforts on enhancing its information security program to ensure the confidentiality, integrity and availability of its information system and data.”

The department recently began partially following the IG’s recommendations after hackers breached the Office of Personnel Management digital databases and stole personal information for more than 21 million current and former civil servants in June.

Similarly, a breach at the United States Postal Service last November exposed more than 800,000 current and former postal employees’ information.

All three agencies repeatedly ignored their watchdogs’ recommendations to strengthen their cybersecurity. Primarily, the labor department needed to create restricted access zones for its digital systems.

The IG “has repeatedly recommended DOL improve this important control to prevent unauthorized access to DOL systems and applications,” the report said.

The labor department started requiring security cards for system access after the OPM breach.

“The program plays a key role in protecting DOL’s infrastructure, including data, other systems, and people from potential harm caused by unauthorized access,” the report said.

The IG, however, recommended that provision nearly three years ago following a Department of Homeland Security presidential directive.

“Had DOL implemented this requirement earlier, it could have prevented unauthorized access to DOL’s computer networks and systems by 11 separated employees who still had active accounts after their departure,” the report said. “DOL unnecessarily exposed itself to greater risk of unauthorized access.”

“The Department of Labor takes seriously the importance of enhancing IT security,” a Labor Department official told The Daily Caller News Foundation. “So we are pleased that the Inspector General recognizes the Department’s actions to remediate known information security vulnerabilities, protect federal information and assets, improve the resilience of federal networks, and implement multi-factor authentication for all departmental systems.”

View the original content and more from this author here: http://ift.tt/1KPll8R


