The US Department of Homeland Security, which sets the benchmark for IT security practice in America, suffered more than 840 IT security lapses in 2005 and 2006, despite spending $332m on IT security this year.
This emerged during Congressional hearings on the DHS’s lapses. These included Trojan infections, sending classified e-mails over unprotected networks, hard copies of user IDs and passwords for a local network administrator, and unauthorised attachment of personal digital devices to DHS networks.
At the hearing, Government Accountability Office (GAO) auditors damned the DHS’s US-Visit programme, which is meant to keep out undesirable visitors by using biometric identity measures. The GAO said sensitive personal information was at risk unless DHS fixed “pervasive” IT-security flaws.
GAO auditor Keith Rhodes told the hearing he did not find anti-hacking controls, defensive perimeters, or intrusion or change detection measures.
Zitz put in charge of cybersecurity at DHS >>
Comment on this article: [email protected]