The US Department of Homeland Security is pretty bad at digitally protecting national security interests, says an audit report released on March 7 by the agency’s watchdog, the Office of Inspector General (OIG).
According to the findings, the agency is working with systems running on old, outdated software that haven’t had a security patch in five years. For example, some systems were still running un-patched Flash, anonymous users had access to shared network drives and user emails could be easily manipulated because exchange folders were indexed in cache mode.
“Windows 2008 and 2012 operating systems were missing security patches for Oracle Java, an unsupported version of Internet Explorer, and a vulnerable version of Microsoft’s Sidebar and Gadgets applications,” the report says. “Some of the missing security patches dated back to July 2013.”
On top of that, workstations using Windows 8.1 and 7 did not have the WannaCry security patch.
As many as 64 vulnerable systems were detected in the network, including 16 that contained national security classified documents. Without immediate measures to secure critical systems, top secret data could be leaked or exposed to other risks, including unauthorized alteration or destruction.
But this is not the only obstacle DHS faces in achieving more effective system and network protection. The biggest concern is that the US government lacks the qualified workforce needed to meet cybersecurity requirements, because too few specialists ARE on the market in general.
DHS is not the only agency to suffer from the skill gap; the Coast Guard and Secret Service also lack the proper security training and mechanisms to protect their data FROM cybersecurity threats. Even though Microsoft no longer offers support for Windows Sever 2003, the three organizations were still using it at the time of the report.
“Until DHS overcomes challenges to addressing its systemic information security weaknesses, it will remain unable to ensure that its information systems adequately protect the sensitive data they store and process,” says the report.