What the Heck? Dept of Interior has Rookie IT People or What?
By: Denise Simon | Founders Code
Is this a joke? Those computers had, and may still have, malware installed that was never detected, even after that major OPM hack, malware that had the mainframes communicating with Russia... yes, RUSSIA. So, here comes the Inspector General's audit report. We are bleeding data, even classified data. Tech companies and social media operations are not protecting or safeguarding our data, and now we know for sure that the government can't do it either.
There was a hearing, though... ahem.
In part from the audit report: This memorandum transmits the findings of our evaluation of the U.S. Department of the Interior's incident response program. We found that the Office of the Chief Information Officer had not fully implemented the capabilities recommended by the National Institute of Standards and Technology (NIST) in its incident detection and response program. We make 23 recommendations to help the Department improve its incident response program, so it can promptly detect and fully contain cyber threats to maintain the availability, confidentiality, and integrity of Department and bureau computer systems and data.
In response to our draft report, the Department concurred with all recommendations and provided target dates and officials responsible for implementation. We consider all 23 recommendations resolved but not implemented. We will forward the recommendations to the Office of Policy, Management and Budget for tracking and implementation. We understand that some of these recommendations may require significant investment in cyber security infrastructure as well as the recruitment of additional staff, but the intended timeframe to implement these recommendations remains a concern. Five recommendations will not be addressed for more than 5 years, and four recommendations will not be addressed for more than 3 years. In the interim, the Department should consider additional temporary or partial solutions.
Specifically, we found that the Department:
• Was not fully prepared to respond to incidents.
• Did not promptly detect or fully analyze security incidents.
• Did not fully contain or completely eradicate active cyber threats.
• Did not continuously improve its incident response capabilities by learning from prior incidents.
You can find the full report/audit here.
Three years after Chinese hackers stole security clearance files and other sensitive personal information of some 22 million U.S. federal employees, cyber-defenses at the Department of Interior, which hosted White House Office of Personnel Management (OPM) servers targeted in the theft, were still unable to detect “some of the most basic threats” inside Interior’s computer networks — including malware actively trying to make contact with Russia.
In a 16-month examination of Interior’s ability to detect and respond to cyber-threats, evaluators from the department’s Office of Inspector General (OIG) also discovered that Interior’s technicians simply did not implement a sweeping array of mandatory, government-wide defensive measures ordered up after the disastrous OPM hack, didn’t investigate blocked intrusion attempts, and left “multiple” compromised computers on their network “for months at a time,” according to a redacted OIG report issued in March.
Ultra-sensitive security clearance files have since been moved to the Defense Department, but, among other things, the OIG report noted that:
• Sensitive data at Interior could be taken out of the department’s networks “without detection.”
• Network logs showed that a computer at the U.S. Geological Survey, an Interior bureau, was regularly trying to communicate with computers in Russia. The messages were blocked, but “the USGS facilities staff did not analyze the alerts.”
• Dangerous or inappropriate behavior by network users — including the downloading of pornography and watching pirated videos on Russian and Ukrainian websites — was not investigated.
• Computers discovered to be infected with malware were scrubbed as soon as possible and put back into use—meaning little or no effort went into examining the scope and nature of any such threats to the broader network. This happened, the OIG team noted, with one intruder they discovered themselves.
• Simulated intrusions or ransomware attacks created by the examiners were carried out with increasing blatancy without a response—in the case of ransomware, for nearly a month.
• After the devastating OPM hack, which was discovered in April 2015, the department didn’t even publish a lessons-learned plan for its staffers based on the disaster. The OIG inspectors reported that Interior started to draft an “incident response plan” that month to deal with future intrusions, but “did not publish it until August 2017”— two months after the OIG team had finished their lengthy fieldwork.
• Distressingly, the report also notes that the department’s cybersecurity operations team was not privy to a list of Interior’s so-called “high-value IT assets” prepared by the Chief Information Officer, “due to its sensitive nature.” More here.
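The USGS finding above (blocked connections to Russia that nobody analyzed) describes exactly the triage step a detection team should automate. The following is an added example, not code from the OIG report or the Department: it parses constructed firewall deny lines, groups them by source host and external destination, and surfaces pairs that keep retrying on a regular cadence, since one blocked connection is noise but the same host retrying the same address every few minutes is the footprint of beaconing malware. The log format, field names and addresses are assumptions.

```python
import re
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample firewall DENY lines (TEST-NET addresses, hypothetical format).
# Host 10.20.30.40 retries the same external address roughly every ten minutes.
SAMPLE_LOGS = """\
2018-02-01T08:00:05Z DENY src=10.20.30.40 dst=203.0.113.7 dport=443 proto=tcp
2018-02-01T08:00:20Z DENY src=10.20.30.41 dst=198.51.100.9 dport=80 proto=tcp
2018-02-01T08:10:04Z DENY src=10.20.30.40 dst=203.0.113.7 dport=443 proto=tcp
2018-02-01T08:20:06Z DENY src=10.20.30.40 dst=203.0.113.7 dport=443 proto=tcp
2018-02-01T08:30:05Z DENY src=10.20.30.40 dst=203.0.113.7 dport=443 proto=tcp
2018-02-01T09:15:44Z DENY src=10.20.30.42 dst=192.0.2.55 dport=22 proto=tcp
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) DENY src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)")


def parse_denies(text):
    """Yield (timestamp, src, dst, dport) for each DENY line; ignore anything else."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
            yield ts, m["src"], m["dst"], int(m["dport"])


def find_beacons(text, min_hits=3, max_jitter=0.25):
    """Return (src, dst, dport, hits, median_gap_seconds) for pairs that retry on a cadence.
    Same host, same external address, at least min_hits blocks, and every gap within
    max_jitter (fraction) of the median gap: hand these to an analyst first."""
    groups = defaultdict(list)
    for ts, src, dst, dport in parse_denies(text):
        groups[(src, dst, dport)].append(ts)
    findings = []
    for (src, dst, dport), stamps in groups.items():
        if len(stamps) < min_hits:
            continue  # a one-off or two-off block is not worth an analyst's time yet
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        median = statistics.median(gaps)
        if median > 0 and all(abs(g - median) <= max_jitter * median for g in gaps):
            findings.append((src, dst, dport, len(stamps), median))
    return findings


if __name__ == "__main__":
    for src, dst, dport, hits, gap in find_beacons(SAMPLE_LOGS):
        print(f"ANALYZE: {src} -> {dst}:{dport} blocked {hits}x, ~{gap:.0f}s apart")
```

Loosening max_jitter catches malware that randomizes its sleep interval, at the cost of more pairs to review.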