An annual audit of the Fiscal Service Bureau conducted by the U.S. Government Accountability Office identified nine new information security weaknesses in the U.S. Treasury Department’s information systems that are used to manage sensitive data in connection with federal debt.

It was further reported that although these weaknesses aren’t considered to be significant, the Department must address these information security weaknesses immediately, in order to protect sensitive data from being further compromised or accessed by future hackers.

After all, the Fiscal Service Bureau manages $18.2 billion of the national debt with a number of interconnected financial systems. The electronic data stored in these systems are used to process and track borrowed money and issued securities.

The audit found that the identified risks in connection with these system weaknesses primarily stemmed from individuals who have access to the Fiscal Service internal systems. The audit further revealed that some of these weaknesses may be related to a new ledger system, which was implemented in 2014.

It is important to note that earlier this month, the Office of Personnel Management (OPM) reported that hackers had accessed the personal information of more than 4 million federal employees. It’s known now that the hackers also were able to access security clearance data. Apparently, the OPM has had a history of information security related weaknesses and is still working to address these and other vulnerabilities.

It’s clear that the federal government has its work cut out in relation to securing its technology infrastructure. At present, 11 out of the OPM’s 47 information technology systems are operating without a valid security authorization. This includes two systems responsible for processing background checks and security clearances.

The logical place to start is to find out who in the Fiscal Service Bureau and OPM currently has access to these internal systems, then re-evaluate whether all of these individuals should have permission to access them. The results of this exercise will no doubt be very surprising and eye-opening, but it must be done.

This is a cautionary example for all of us, whether we work in the federal government or not. After all, every organization deals with sensitive data and can be vulnerable to a security breach at any time. Of course, every organization would be well served to conduct a security assessment of its current IT infrastructure.

If your organization needs assistance in planning such an assessment, please contact any of the team members here at R+C.

Jim Merrifield

Jim Merrifield is Robinson+Cole’s Director of Information Governance & Business Intake, a member of the Data Privacy + Cybersecurity Team, and a non-attorney contributor to the Data Privacy + Security Insider blog. He has spent nearly 20 years helping organizations of all sizes, including law firms and Fortune 500 companies, develop and implement practical information governance strategies, policies, and best practices. Jim is a well-respected expert in the information governance industry. With an extensive background in policy development and enforcement, enterprise program deployment, and technology solutions, he has earned a strong reputation as a knowledgeable practitioner and reliable consultant. His deep understanding of the space is reflected by his many publications, lectures, and consulting services for top-tier companies and law firms. Jim holds a bachelor's degree in Legal Studies from Quinnipiac University and is a certified information governance professional (IGP).

Jim’s innovative thinking and commitment to the industry have enabled him to create the popular podcast, InfoGov Hot Seat, a platform for candid conversations featuring practitioners, consultants and solution providers, offering valuable perspectives to listeners about legal technology and managing information as an asset.