
Image credit: Bill Clark/CQ Roll Call

SEC knew about weak security years before hack

The data breach was almost an inevitability.

The hack that compromised the US Securities and Exchange Commission was a shock and more than a little damaging, but could it have been prevented? Unfortunately, the answer is very likely yes. The Hill has combed through the SEC's internal evaluations, and it's now clear that the Commission had been warned about digital security issues for years. An inspector general audit warned about "weaknesses" in the SEC's security measures back in 2013, and multiple warnings appear to have sometimes fallen on deaf ears. A June 2016 inspector general report said the SEC hadn't "fully addressed" some problems from previous audits, and was at "increased risk" of intruders taking sensitive data.

That security was weak isn't completely shocking when a number of American government agencies have fallen prey to hacks. Also, many government agencies have to make do with aging computers and infrastructure that can't receive software updates outside of exceptional circumstances. The inspector general's office itself has struggled with both poor funding and a lack of clear goals.

Still, the SEC had plenty of time to update its platforms and implement policies that weren't necessarily dependent on newer technology, such as thorough data encryption. The hack also illustrates a serious problem with government cybersecurity in the US. If an agency as crucial as the SEC struggled to improve its security practices over the years, that suggests other important institutions also have a lot to learn about safeguarding critical data.
