Myriad IT issues impact Secret Service cybersecurity Credit: Reuters For now, the US Secret Service has no reasonable assurance that its information systems are properly secured to protect Law Enforcement Sensitive case management information. That was but one of the conclusions laid at the feet of the US Secret Service today by the Department of Homeland Security’s Inspector General, John Roth in a scathing report on the agency tasked with protecting the President and other important government officials. +More on Network World: Federal cyber incidents grew an astounding 1,300% between 2006 and 2015+ Further from the report: “US Secret Service systems and data remain vulnerable to unauthorized access and disclosure. As discussed, contributing factors included inadequate system security plans, systems with expired authorities to operate, inadequate access and audit controls, noncompliance with logical access requirements, inadequate privacy protections, and over-retention of records. Such deficiencies increase risks to the confidentiality, integrity, and availability of mission- critical information systems and data.” “Today’s report reveals unacceptable vulnerabilities in Secret Service’s systems,” concluded Inspector General Roth. The investigation and audit of the Secret Service’s IT system security came as a result of a security breach – namely the 2015 release of personal information about U.S. Congressman Jason Chaffetz which lead to an investigation that found improper access by Secret Service employees. The potential for incidents similar to the Congressman Chaffetz breach of March 2015 remain, the report stated. Insider threats present within the organization may be able to: steal, alter, or destroy mission critical data; export malicious code to other systems; install covert backdoors that would permit unauthorized access to data or network resources; or impact the availability of any information system’s resources or networks. +More on Network World: What is on a US Secret Service mainframe anyway? “Any loss, theft, corruption, destruction, or unavailability of Law Enforcement Sensitive data or PII could have grave adverse effects on the USSS’ ability to protect employees or the general public,” the report stated. The Secret Service’ primary mission is protecting the President, other dignitaries, and events, and investigating financial and cybercrimes to help preserve the integrity of the Nation’s economy. This statutory responsibility leaves little, if any, room for error. As such, the systems and information supporting this mission must be managed in an efficient and secure manner, the report stated. IG Roth concluded that Secret Service’s IT management was ineffective because the “Secret Service has historically not given it priority. The Secret Service CIO’s Office lacked authority, inadequate attention was given to updating IT policies, and Secret Service personnel were not given adequate training regarding IT security and privacy. +More on Network World: Feds’ primary network security weapon needs more bang+ “[The Secret Service] has much work to do to make IT a priority. This requires establishing and implementing an IT governance framework that addresses, at a minimum, the IT organizational and management deficiencies identified in this report. It also requires that USSS leadership fully understand and address the potential for insider risks, not only from system administrators and inadequately managed IT contractors, but also from employees and business partners. The report concluded that the new Secret Service CIO was aware of the severity of these issues and had begun formulating a strategic plan, including corrective actions plans to address long-standing IT deficiencies. Check out these other hot stories: Sprint to get into managed SD-WAN game with VeloCloud-based offering President Obama targets nasty space weather response with Executive Order Feds want to set a trail for future AI advances President Obama, NASA desire Mars habitation too White House wants to know: Do you need more data portability? Elon Musk’s next great adventure: Colonizing Mars IEEE sets new Ethernet standard that brings 5X the speed without disruptive cable changes Cisco: New net management software lets users spot industrial Ethernet network problems quickly Federal cyber incidents grew an astounding 1,300% between 2006 and 2015 Cisco Talos: Spam at levels not seen since 2010 Related content news analysis FBI/IC3: Vile $5B business e-mail scam continues to breed FBI/IC3 reports over 40,000 worldwide victims and $5 billion in the latest reckoning By Michael Cooney May 08, 2017 5 mins Security news analysis Ultimate geek dream? NASA challenges you to jump on the FORTRAN bandwagon! NASA opens High Performance Fast Computing Challenge By Michael Cooney May 05, 2017 4 mins Government Open Source Enterprise Applications news analysis Fragmented, disorganized IT systems thwart feds ability to track visas DHS OIG says ineffective IT process has contributed to a backlog of more than 1.2 million visa overstay cases. By Michael Cooney May 04, 2017 5 mins Analytics Data Center Security news analysis TSA: “As you can imagine, live anti-tank rounds are strictly prohibited altogether.” TSA finds live anti-tank round in carry-on bag By Michael Cooney Apr 28, 2017 2 mins Security Podcasts Videos Resources Events NEWSLETTERS Newsletter Promo Module Test Description for newsletter promo module. Please enter a valid email address Subscribe