DHS fails cyber-security audit

  • The US Department of Homeland Security (DHS) has utterly failed an extensive cyber-security audit conducted by the agency's own Inspector General (IG).

    Indeed, the DHS US-CERT office is currently plagued by at least 600 vulnerabilities that could compromise sensitive data, including 202 which have been classified as high-risk.

    "Adequate security controls have not been implemented on the [Mission Operating Environment] to protect the data processed from unauthorized access, use, disclosure, disruption, modification, or destruction," the IG confirmed in a recently published report.

    "The results of our vulnerability assessments revealed that [National Cyber Security Division] is not applying timely security and software patches on the [Mission Operating Environment]."

    According to the IG, the majority of vulnerabilities were traced to popular apps and platforms such as Microsoft Word, Adobe Acrobat and Java - rather than  basic OS level breaches.

    As such, the Inspector recommended that the DHS immediately patch and updated its systems - particularly the ones located in the department's  Virginia HQ. 

    Meanwhile, DHS spokeswoman Amy Kudwa confirmed that the agency had already implemented "a software management tool [to] automatically deploy operating-system and application-security patches and updates to mitigate current and future vulnerabilities."
     

Related Stories

Samsung and Verizon are ready to test 5G in several US cities by 2017

Red Flags To Watch Out For Your Business

8 Best Web Design Tools in 2017