Age-old problems to sharing cyber threat info remain, IG report finds

Over-classification, a deluge of data and insufficient human and technological resources all hinder the sharing of threat data.

The post Age-old problems to sharing cyber threat info remain, IG report finds appeared first on CyberScoop.

NSA watchdog to review agency’s actions following Tucker Carlson spying allegations

The National Security Agency’s inspector general said Tuesday that it would conduct a review related to allegations that the agency had improperly surveilled Fox News host Tucker Carlson — allegations the agency has denied. The review will look at NSA’s compliance with legal authorities and procedures related to data collection and analysis, including so-called “unmasking” procedures, in which U.S. officials can request the identity of an American citizen cited in an intelligence document. The probe will cover whether any actions taken by the NSA “were based upon improper considerations,” Inspector General Robert Storch said in a statement. Carlson in June accused the NSA of surveilling him in a bid to “take this show off the air.” The NSA, whose mission is to collect foreign intelligence, flatly denied the allegation in a June 29 statement. “Tucker Carlson has never been an intelligence target of the agency and the NSA has […]

Federal agencies are failing to protect sensitive data, Senate report finds

Of eight federal agencies audited for their cybersecurity programs, only the Department of Homeland Security showed improvements in 2020, according to a report from the Senate Homeland Security and Governmental Affairs Committee. Released by the panel on Tuesday, the report expresses concerns about the state of federal agencies’ cyber posture during an overall 8% rise in security incidents across agencies. The report underscores the increased scrutiny of federal cybersecurity by lawmakers in the aftermath of a months-long alleged Russian cyber-espionage campaign the private sector first uncovered in December 2020. Russian hackers used a flaw in network management software SolarWinds to infiltrate nine government agencies. The report found that seven of the eight agencies reviewed still use legacy systems that no longer have security updates supported by their vendor. The practice can leave agencies vulnerable to foreign hacking, the report notes. “It is clear that the data entrusted to these […]

DHS hails cybersecurity hiring blitz that puts dent in thousands of vacancies

The Department of Homeland Security is touting its “most successful cybersecurity hiring initiative” ever after bringing on nearly 300 pros, with job offers extended to 500 more. It’s a figure significantly higher than the goal of 200 hires established under a two-month “Cybersecurity Workforce Sprint.” But it’s also still just a dent, going 12% of the way toward filling the more than 2,000 vacancies, by DHS’s own accounting. “DHS is dedicating significant energy toward exceeding our cybersecurity hiring goal by recruiting talented experts, investing in diverse talent pipelines, and ensuring equitable access to professional development opportunities at every level,” DHS Secretary Alejandro Mayorkas said in a news release late Thursday. “While I am proud of the progress we have made to date, we still have more work to do.” It’s been a long, slow climb for DHS to bring on cyber personnel, but the “sprint” is the latest sign of […]

CISA chief rips IG report, touts election security efforts

The head of the U.S. Cybersecurity and Infrastructure Security Agency has slammed a new inspector general report criticizing some of the agency’s election security work, calling the investigation “poorly timed” and its conclusions misleading. The Department of Homeland Security’s inspector general credited CISA for making progress in helping election officials mitigate cyberthreats, but also concluded the agency hadn’t invested enough resources in countering physical threats to election infrastructure. CISA officials say they’ve accounted for those threats in their preparation. Multiple federal agencies, including the FBI, also are working with state officials to guard against cyber and physical threats to the election. “While the OIG [office of the inspector general] recognizes our extensive coordination effort, releasing this report before Election Day fails to account for CISA’s actions throughout the entirety of the actual 2020 election cycle,” CISA Director Chris Krebs said in a statement. “While we can certainly update plans, use […]

IG finds data security practices lacking at Customs and Border Protection before big hack

The U.S. Customs and Border Protection agency failed to enforce basic security practices at a contractor that was hacked last year, exposing some 100,000 individual photos of travelers, a new inspector general report has found. Some of the hacked images ended up on the dark web, but the entire episode “may damage the public’s trust in the government’s ability to safeguard biometric data,” the Department of Homeland Security’s inspector general concluded in a report released Wednesday. It’s an example of how, as federal immigration and security agencies increasingly draw on biometric data for their work, the stakes for protecting that data from hackers have grown. The data collection was for a CBP pilot to use facial recognition to screen travelers at ports of entry. The project went awry when surveillance technology company Perceptics, a subcontractor, downloaded sensitive CBP data from an unencrypted device and transferred it to the company’s network, […]

The Interior Department OIG clearly had some fun hacking the agency’s Wi-Fi networks

While multibillion-dollar companies hire expensive outside experts to conduct elaborate mock-raids on their networks, federal agencies tend to rely on their inspectors general for that. But a new report from the Department of Interior’s watchdog would make any crack team of corporate security-testers proud. To test the hundreds of wireless security networks at the DOI, inspector general (IG) investigators surreptitiously used cheap hacking tools from publicly accessible areas to intercept and decrypt communications in multiple bureaus at the sprawling department. They found systematic weakness in the department’s security that a malicious hacker could have exploited to steal data. “The department’s failure to securely configure wireless networks has put its wireless and internal networks at high risk of compromise,” IG investigators said in a report published Wednesday. The IG’s mock attacks — which weren’t noticed by either physical security guards or IT staff — were “highly successful,” the watchdog said. In one instance, […]

Postal Service left vulnerable IT applications unaddressed for years, inspector general finds

Officials at the U.S. Postal Service let multiple vulnerable applications languish on the agency’s IT network for years — flaws that could have been exploited by hackers to steal sensitive data, an inspector general audit has found. The inspector general investigation, distributed to Postal Service leadership in July, faults IT officials at the agency for not keeping a slew of applications up to date. Six of the IT applications were left on the Postal Service network for up to seven years with things like incomplete certification and accreditation from technology executives, according to the IG memo. A dozen vulnerabilities were deemed “catastrophic” by the USPS’s Corporate Information Security Office, the watchdog said, meaning they exposed the agency to big financial damages. “These are common, well-known vulnerabilities that have been present for three years that could be exploited by an attacker utilizing publicly available methods,” the memo reads. Simply put, the Postal […]

NSA watchdog finds abusive behavior, grift at senior levels

The National Security Agency’s Office of the Inspector General determined that multiple senior executive leaders and top officials at the intelligence agency recently have engaged in abusive behavior, misused their positions, and fudged timesheets. One senior executive “created a hostile work environment by using abusive and offensive language toward subordinate employees,” according to the NSA OIG’s semi-annual report to Congress, an unclassified version of which was published Wednesday. The same official also asked subordinates to bring in food such as donuts, to be paid for out of pocket, and urged subordinates to perform activities outside of their professional duties and complete tasks that weren’t “authorized in accordance with law or regulation,” the OIG said. The same executive, who went unnamed in the report, also “misused the NSA/[Central Security Service] information systems in a manner that served no legitimate public interest and which would reflect adversely on NSA, in violation of DoD Joint Ethics Regulation and Agency […]

Energy Department watchdog finds research labs fail to secure ‘peripheral’ devices like USBs

Multiple Department of Energy research labs lack adequate security controls to safeguard devices like printers and USB drives, leaving the facilities susceptible to data theft, according to an inspector general investigation. “[T]he confidentiality, integrity and availability of systems and data could be directly impacted by the vulnerabilities discovered by our test work,” the DOE inspector general said in a memo released last week. The watchdog did not name the four DOE field sites it reviewed, but said they were part of DOE’s Office of Science. That office spans at least 10 research labs that are doing sensitive research on everything from supercomputing to the supply chain of health equipment to combat the coronavirus. An official at one DOE site complained that the department’s security standards were “technically not feasible or extremely difficult to implement,” according to the inspector general. In another case, site officials said that following the standards would cost too much, […]
