TheUS Department of Homeland Security,
which sets the benchmark for IT security practice in America,
suffered more than 840 IT security lapses in 2005 and 2006, despite
spending $332m on IT security this year.
This emerged during Congressional hearings on the DHS’s lapses.
These included
Trojan infections, sending classified e-mails over unprotected
networks, hard copies of user IDs and passwords for a local network
administrator, and unauthorised attachment of personal digital
devices to DHS networks.
At the hearing, Government Accountability Office (GAO) auditors
damned the DHS’s US-Visit programme, which is meant to keep out
undesirable visitors by using biometric identity measures. The GAO
said sensitive personal information was at risk unless DHS fixed
“pervasive” IT-security flaws.
GAO auditor Keith Rhodes told the hearing he did not find
anti-hacking controls, defensive perimeters, or intrusion or change
detection measures.
US Homeland Security condemned as insecure >>
Zitz put in charge of cybersecurity at DHS >>
Comment on this article:
computer.weekly@rbi.co.uk