Government Digital Security Ripe For Hacking
Testifying Tuesday before the House Armed Services Committee, Terrorism, Unconventional Threats and Capabilities Subcommittee, Lieutenant General Keith Alexander, commander, Joint Functional Component Command for Network Warfare, said the country's digital security efforts are woefully underdeveloped.
"The cybersecurity training provided to our servicemen and women, and the civilian and contractor workforce, is inadequate and must be improved," said Alexander, according to a transcript of his testimony. "Our adversaries are taking advantage of this lack of assiduousness and discipline that ultimately costs hundreds of millions of dollars in lost information and work hours."
The Government Accountability Office echoed Alexander's testimony in a report issued Tuesday, noting that because of the absence of robust security programs, several government agencies have experienced a wide range of incidents involving data loss or theft, computer intrusions and privacy breaches.
"Federal systems are not sufficiently protected to consistently thwart cyberthreats," wrote Gregory Wilshusen, director, Information Security Issues, in the GAO report.
"Serious and widespread information security control deficiencies continue to place federal assets at risk of inadvertent or deliberate misuse, financial information at risk of unauthorized modification or destruction, sensitive information at risk of inappropriate disclosure and critical operations at risk of disruption," he said.
Wilshusen said that in the last several years, most agencies have not implemented controls to sufficiently prevent, limit or detect access to computer networks and systems. He said that the vulnerabilities were reported at 23 of 24 major agencies for fiscal year 2008.
According to Wilshusen, government agencies do not always configure network devices and services properly, segregate incompatible duties or ensure that continuity of operations plans contain all essential information.
In February, President Barack Obama called for a 60-day review of government cybersecurity measures; the results were handed in April 17. The findings have not yet been made public.
Sometime this month, the Pentagon will open a new cybersecurity command center at Fort Meade, Md., which will be led by Gen. Alexander.