By George Russell, Fox News
Three years after Chinese hackers stole security clearance files and other sensitive personal information of some 22 million U.S. federal employees, cyber-defenses at the Department of Interior, which hosted White House Office of Personnel Management (OPM) servers targeted in the theft, were still unable to detect “some of the most basic threats” inside Interior’s computer networks — including malware actively trying to make contact with Russia.
In a 16-month examination of Interior’s ability to detect and respond to cyber-threats, evaluators from the department’s Office of Inspector General (OIG) also discovered that Interior’s technicians simply did not implement a sweeping array of mandatory, government-wide defensive measures ordered up after the disastrous OPM hack, didn’t investigate blocked intrusion attempts, and left “multiple” compromised computers on their network “for months at a time,” according to a redacted OIG report issued in March.
Ultra-sensitive security clearance files have since been moved to the Defense Department, but, among other things, the OIG report noted that:
● sensitive data at Interior could be taken out of the department’s networks “without detection.”
● network logs showed that a computer at the U.S. Geological Survey, an Interior bureau, was regularly trying to communicate with computers in Russia. The messages were blocked, but “the USGS facilities staff did not analyze the alerts.”
● dangerous or inappropriate behavior by network users — including the downloading of pornography and watching pirated videos on Russian and Ukrainian websites — was not investigated.
● computers discovered to be infected with malware were scrubbed as soon as possible and put back into use—meaning little or no effort went into examining the scope and nature of any such threats to the broader network. This happened, the OIG team noted, with one intruder they discovered themselves.
● simulated intrusions or ransomware attacks created by the examiners were carried out with increasing blatancy without a response—in the case of ransomware, for nearly a month
● After the devastating OPM hack, which was discovered in April 2015, the department didn’t even publish a lessons-learned plan for its staffers based on the disaster. The OIG inspectors reported that Interior started to draft an “incident response plan” that month to deal with future intrusions, but “did not publish it until August 2017”— two months after the OIG team had finished their lengthy fieldwork.
● Distressingly, the report also notes that the department’s cybersecurity operations team was not privy to a list of Interior’s so-called “high-value IT assets” prepared by the Chief Information Officer, “due to its sensitive nature.”
In other words, the people tasked with protecting Interior’s most important information sites were not told what they were.
To read the rest of the article, please visit Fox News.