Homeland Security: Secret Service’s network security falling short
Alice Lipowicz writes in GCN.com:
The Secret Service is falling short in its efforts to protect sensitive online data about its operations and in securing its IT networks, according to two new reports from Homeland Security Department inspector general Richard L. Skinner.
The IG’s audit found inadequacies in the security controls for sensitive data about protective operations contained in the Secret Service Web System (SSWeb).
A redacted copy [.pdf] of the audit is available on the IG’s Web site.
Vulnerabilities were discovered in access controls, configuration management procedures and continuity-of-operations safeguards, the report said. In some cases, default passwords were not changed at the time new software was installed.