Image credit: Bluberries via Getty Images

Senate finds US agencies left security holes untouched for a decade

Several of them were using outdated, unpatched software.

It's almost a truism to state that government IT security is frequently lacking, but a new Senate subcommittee report has underscored just how severe the problem is. Investigators found that several federal agencies (including the State Department, Homeland Security and the Social Security Administration) didn't adequately protect personal data, and that six of them hadn't installed security patches in a "timely" fashion to close vulnerabilities. In some cases, these flaws had lasted for roughly a decade or more.

The departments of Agriculture, Health and Human Services, Homeland Security and Transportation all failed to tackle vulnerabilities identified over a decade earlier, for instance. The Social Security Administration's weak spots risked exposing the data of 60 million Americans. Several agencies didn't install patches properly for most or all of the past ten years. And the Education Department hasn't had a way to keep unauthorized devices off its network since 2011 -- it can limit access to 90 seconds, but that's more than enough time to insert malware or grab sensitive documents.

Just what happens next isn't certain. A source speaking to The Hill said the subcommittee didn't plan to hold hearings, but that Chairman Rob Portman would consider the findings when drafting any "legislative solutions." It might get fixed some day. Recommendations in the report would give chief information officers more power over security decisions, improve communication with agency leaders and require progress reports on fixing security flaws when defending a given department's budget. These aren't binding, though, and there's no concrete mechanism in place to implement those changes.

If there's any consolation, it's that the current administration wants to invest more in cybersecurity. There's a chance some of that money will go toward shoring up defenses. It's not likely to be a comprehensive fix, mind you. That suggests at least some of the shortcomings are likely to persist for a while.
