Latest in Gear

Image credit: Bluberries via Getty Images

Senate finds US agencies left security holes untouched for a decade

Several of them were using outdated, unpatched software.
297 Shares
Share
Tweet
Share

Sponsored Links

Bluberries via Getty Images

It's almost a truism to state that government IT security is frequently lacking, but a new Senate subcommittee report has underscored just how severe the problem is. Investigators found that several federal agencies (including the State Department, Homeland Security and the Social Security Administration) didn't adequately protect personal data, and that six of them hadn't installed security patches in a "timely" fashion to close vulnerabilities. In some cases, these flaws had lasted for roughly a decade or more.

The departments of Agriculture, Health and Human Services, Homeland Security and Transportation all failed to tackle vulnerabilities identified over a decade earlier, for instance. The Social Security Administration's weak spots risked exposing the data of 60 million Americans. Several agencies didn't install patches properly for most or all of the past ten years. And the Education Department hasn't had a way to keep unauthorized devices off its network since 2011 -- it can limit access to 90 seconds, but that's more than enough time to insert malware or grab sensitive documents.

Just what happens next isn't certain. A source speaking to The Hill said the subcommittee didn't plan to hold hearings, but that Chairman Rob Portman would consider the findings when drafting any "legislative solutions." It might get fixed some day. Recommendations in the report would give chief information officers more power over security decisions, improve communication with agency leaders and require progress reports on fixing security flaws when defending a given department's budget. These aren't binding, though, and there's no concrete mechanism in place to implement those changes.

If there's any consolation, it's that the current administration wants to invest more in cybersecurity. There's a chance some of that money will go toward shoring up defenses. It's not likely to be a comprehensive fix, mind you. That suggests at least some of the shortcomings are likely to persist for a while.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
297 Shares
Share
Tweet
Share

Popular on Engadget

Huawei wants to license its 5G tech to US telecoms

Huawei wants to license its 5G tech to US telecoms

View
Fossil's latest Wear OS watches now make calls using iPhones

Fossil's latest Wear OS watches now make calls using iPhones

View
Toyota will debut its tiny city EV at the 2019 Tokyo Motor Show

Toyota will debut its tiny city EV at the 2019 Tokyo Motor Show

View
Adidas readies an entire collection of Star Wars basketball shoes

Adidas readies an entire collection of Star Wars basketball shoes

View
Mercedes app was leaking car owners' data to other users

Mercedes app was leaking car owners' data to other users

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr