An annual audit conducted by the U.S. Government Accountability Office of the Fiscal Service Bureau, identified (9) nine new information security weaknesses in the U.S. Treasury Department’s information systems that are used to manage sensitive data in connection with federal debt.
It was further reported that although these weaknesses aren’t considered to be significant, the Department must address these information security weaknesses immediately, in order to protect sensitive data from being further compromised or accessed by future hackers.
After all, the Fiscal Service Bureau manages $18.2 billion of the national debt with a number of interconnected financial systems. The electronic data stored in these systems are used to process and track borrowed money and issued securities.
The audit found that the identified risks in connection with these system weaknesses primarily stemmed from individuals who have access to the Fiscal Service internal systems. The audit further revealed that some of these weaknesses may be related to a new ledger system, which was implemented in 2014.
It is important to note that earlier this month, the Office of Personnel Management (OPM) reported that hackers had accessed the personal information of more than 4 million federal employees. It’s known now that the hackers also were able to access security clearance data. Apparently, the OPM has had a history of information security related weaknesses and is still working to address these and other vulnerabilities.
It’s clear that the federal government has its work cut out in relation to securing its technology infrastructure. At present, 11 out of the OPM’s 47 information technology systems are operating without a valid security authorization. This includes two systems responsible for processing background checks and security clearances.
The logical place to start is to find out who in the Fiscal Service Bureau and OPM currently have access to these internal systems, then re-evaluate if all these individuals should have permission to access these systems. The results of this exercise will no doubt be very surprising and eye-opening, but it must be done.
This is a warning example for all of us–whether we work in the federal government or not. After all, every organization deals with sensitive data and can be vulnerable to a security breach at any time. Of course, all organizations would be well served to conduct a security assessment of its current IT infrastructure.
If your organization needs assistance in planning such an assessment, please contact any of the team members here at R+C.