SECURITY PROBLEMS ARE RIFE in the US Department of Homeland Security, er, the federal authority responsible for the USA's cybersecurity.
A report from the department's Office of Inspector General dug into its systems to discover that many of them were running unsupported and outdated operating systems, some of which haven't received a security update or patch in years.
Some 64 vulnerable systems were found in Homeland Security's network which lacked the authority to operate securely. And more than 12 of these systems were found to contain highly sensitive information.
Other systems were found to lack patches to protect them against the WannaCry ransomware which thoroughly messed things up for organisations across the world last year.
Now the big problem here is that the systems in question hold not only run-of-the-mill unclassified data but also top secret information. With a lack of security updates, Homeland Security's data is exposed to an all manner of risks.
Hackers could get access to a treasure trove of secured data if they breached the department's network perimeter. And insider threats such as disgruntled agents could stick a USB drive into a vulnerable system, hoover up a load of classified information, then upload it to Wikileaks or tweet it at Edward Snowden while chowing down on a Twinkie.
Homeland Security is required by the US government to operate at a Level 4 tier of security, delivering an IT estate with cybersecurity that's "managed and measurable" in five areas.
The report noted that the department had failed to do that in three out of the five areas, with things like failing to remedy security weaknesses in a timely fashion and monitoring software licenses on unclassified systems.
Basically, the cybersecurity in Homeland Security is pretty crap. That's pretty embarrassing for a department with Security in its name, but then we guess the US is going full throttle with embarrassing actions of late; President Trump for example.
This might seem funny for an outsider looking in, but the report painted a damning picture, saying: "Until DHS overcomes challenges to addressing its systemic information security weaknesses, it will remain unable to ensure that its information systems adequately protect the sensitive data they store and process."
The report did offer a suite of recommendation for the department to shore up its security, ranging from implementing proper system diagnostics to better security controls and reviews, and get rid of outdated operating systems.
You'd think that being the home of some of the largest and most powerful tech companies in the world would ensure the US government's departments had the very best tech on offer. But then this is a nation that seems to be very slow at adopting chip and pin let alone contactless payments in may bars and cafes the INQUIRER team has stumbled into over the years, so go figure. µ
Privacy-aware office worker slams 'authoritarian' AFR tech
Flagship packs a 6.26in screen, quad-cameras and, er, Android Pie
Like, subscribe, and run away with my data
Tor of duty of care