Vulnerability Management

Thousands of vulnerabilities identified in government system

Nearly 3,000 critical and high-risk vulnerabilities were identified in three U.S. Department of the Interior (DOI) bureaus.

The Department's Inspector General wrote in a report on the vulnerabilities that they could allow a remote attacker to take control of publicly accessible computers or render them unavailable.

“More troubling,” the report states, is that a remote attacker could use “a compromised computer to attack the Department's internal or non-public computer networks.”

Of particular note, DOI's system hosted the 4.2 million federal personnel files stolen in the first Office of Personnel Management (OPM) data breach.

The OPM perpetrators are said to have used a contractor's credentials to get into OPM's system, which they then used to move over to the DOI network hosting the personnel data.

The DOI failed to monitor its publicly available systems for vulnerabilities, the report states, and didn't isolate those systems from its internal computer networks.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.