home Cyber Cyber Security Report: US Secret Service must improve its IT security

Report: US Secret Service must improve its IT security

Jan 1, 2015

This post is also available in: עברית (Hebrew)

The US Secret Service refused to provide data on its computer security systems to the Department of Homeland Security in 2014, preventing it from being able to verify if it was complying with security policies, an inspector general’s report said.

The service, which has faced withering criticism after several security lapses including a White House breach in September, “refused to comply with mandated computer security policies,” according to the report by the DHS inspector general.

The review also said DHS agencies were not doing enough to protect computer systems from such high-risk bugs as Heartbleed, which allowed hackers to spy on computers but not take control of them.

The report said FEMA and the US Citizenship and Immigration Service still use the Microsoft Windows XP operating system, which may be vulnerable to hackers and that Microsoft stopped providing software updates for in April.

“DHS has worked to improve and secure its vast IT resources,” said Inspector General John Roth. “But those improvements can only be effective if component agencies fully adhere to the rules and DHS management vigorously enforces compliance.”

According to the Times of India, the inspector general’s office said the Secret Service has agreed to begin providing the required data to the DHS chief information officer. It made six recommendations to improve security, which the department accepted.