U.S. Government Faces IT Security Gaps

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  

President Obama's recent order of an immediate two-month review of the federal government's cybersecurity plans apparently can't come fast enough. The federal government, dogged by computer security issues over the years, was hit by two more incidents this week.

One occurred at the Federal Aviation Administration (FAA), where data of 49,000 people were stolen during a data breach. The other occurred at the Los Alamos National Laboratory (LANL) in New Mexico, which is undergoing a security shakeup following the discovery that a total of 90 computers were reported missing or stolen over the past year.

Experts have been calling for an overhaul of federal computer security practices.

The latest incidents, which occurred at organizations which should have had a higher level of security, make it look as if things have not improved over the past four years. In 2005 and 2006, the Department of Homeland Security suffered 844 security breaches, leading a House subcommittee to accuse DHS CIO Scott Charbo of not doing his job during a hearing in 2007.

In the FAA breach, which could impact 49,000 people, data was stolen from 48 files on one server, FAA spokesperson Laura Brown told InternetNews.com. Two of the files combined had data on 49,000 employees.

One had names and social security numbers of 45,000 employees who joined the FAA on or after February 1, 2006. The other had names and encrypted medical information of 4,000 employees in the FAA's safety organization but did not contain any social security numbers, Brown said.

The remaining files have data that is either in the public domain or non-private data, Brown said. The FAA has notified those affected, and will offer them free credit monitoring. It is working with the FBI and the Department of Transportation's inspector general to investigate the breach.

Brown said the FAA was alerted February 1 by the Department of Transportation's cybersecurity monitoring system about the breach, and it took about a week to determine what data had been taken. Employees were notified a week later, this past Monday. No FAA operational systems appear to have been breached, Brown said. Since the breach occurred, the FAA has begun tightening up its security, Brown said.

Do you know where your computers are?

The problems at Los Alamos National Laboratory are more troubling because the lab, which bills itself as the premier national security science laboratory, deals with highly classified projects including safeguarding the U.S. nuclear deterrent and offering mission-critical support for NASA.

In January, three computers were stolen from the home of a LANL scientist in Santa Fe, New Mexico, earning the lab a rebuke from its client, the Department of Energy's National Nuclear Security Administration (NNSA), according to the Web site of the Project on Government Oversight (POGO). POGO is an independent nonprofit that says its mission is to investigate and expose corruption and other misconduct in the federal government.

The NNSA letter, signed by contracting officer Robert Poole, said that, although LANL has improved the robustness of its cybersecurity implementation, the theft revealed concerns in various areas. It also said that LANL later reported that 13 computers had been lost or stolen in the past 12 months and 67 others were missing. "The magnitude of exposure and risk to the laboratory is at best unclear as little data on these losses has been collected or pursued given their treatment as property management issues as well."

This article was first published on InternetNews.com.