Latest in Gear

Image credit:

Senate finds US agencies left security holes untouched for a decade

Several of them were using outdated, unpatched software.
Jon Fingas, @jonfingas
June 25, 2019
Share
Tweet
Share

Sponsored Links

Bluberries via Getty Images

It's almost a truism to state that government IT security is frequently lacking, but a new Senate subcommittee report has underscored just how severe the problem is. Investigators found that several federal agencies (including the State Department, Homeland Security and the Social Security Administration) didn't adequately protect personal data, and that six of them hadn't installed security patches in a "timely" fashion to close vulnerabilities. In some cases, these flaws had lasted for roughly a decade or more.

The departments of Agriculture, Health and Human Services, Homeland Security and Transportation all failed to tackle vulnerabilities identified over a decade earlier, for instance. The Social Security Administration's weak spots risked exposing the data of 60 million Americans. Several agencies didn't install patches properly for most or all of the past ten years. And the Education Department hasn't had a way to keep unauthorized devices off its network since 2011 -- it can limit access to 90 seconds, but that's more than enough time to insert malware or grab sensitive documents.

Just what happens next isn't certain. A source speaking to The Hill said the subcommittee didn't plan to hold hearings, but that Chairman Rob Portman would consider the findings when drafting any "legislative solutions." It might get fixed some day. Recommendations in the report would give chief information officers more power over security decisions, improve communication with agency leaders and require progress reports on fixing security flaws when defending a given department's budget. These aren't binding, though, and there's no concrete mechanism in place to implement those changes.

If there's any consolation, it's that the current administration wants to invest more in cybersecurity. There's a chance some of that money will go toward shoring up defenses. It's not likely to be a comprehensive fix, mind you. That suggests at least some of the shortcomings are likely to persist for a while.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
Tweet
Share

Popular on Engadget

You’ll need more than $299 to truly enjoy next-gen gaming

You’ll need more than $299 to truly enjoy next-gen gaming

View
Apple iPad (2020) hands-on: A better kind of basic

Apple iPad (2020) hands-on: A better kind of basic

View
Confused about which console to buy? Just wait.

Confused about which console to buy? Just wait.

View
'Fortnite' made a historic $1.8 billion in 2019

'Fortnite' made a historic $1.8 billion in 2019

View
MIT algorithm finds subtle connections between art pieces

MIT algorithm finds subtle connections between art pieces

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr