A senator has released a report detailing numerous oversights, which have threatened the security of sensitive government data and critical infrastructure operations.
On Tuesday, Sen. Tom Coburn, R-Okla., published the 19-page report (PDF), called “The Federal Government's Track Record on Cybersecurity and Critical Infrastructure,” which he prepared along with the Minority Staff of the Homeland Security and Governmental Affairs Committee.
The report highlighted concerning breaches that have cropped up in recent years, including a January 2013 incident where an unauthorized user accessed a national database containing sensitive information on the condition of U.S. dams.
In addition, more recent security lapses made their way into the report, namely, the inadequate security measures taken by the Department of Homeland Security, which had been tasked with securing 95 percent of its internet traffic last year.
The Office of Management and Budget (OMB), which consults with President Obama on budget issues and agency policies and procedures, set the goal for DHS, which failed to meet the objective as of last November.
“Just 72 percent of DHS internet traffic passed through [trusted internet connections] TICs,” the senator's report said. “It should be noted that DHS is responsible for the administration's efforts to consolidate federal internet traffic through TICs.”
The report also called to light issues within the U.S. Nuclear Regulatory Commission (NRC), which maintains sensitive data on the country's nuclear facilities.
Of note, NRC's inspector general revealed in a December 2013 audit report (PDF) that staff within the agency held a “lack of confidence” in NRC's information technology division.
“…NRC offices have effectively gone rogue – by buying and deploying their own computers and networks without the knowledge or involvement of the department's so-called IT experts,” Sen. Coburn's report said.
The practices were noted in the reported as exposing particularly critical processes, and data about nuclear reactors, to undue threat.
“The design and security plans of every nuclear reactor, waste storage facility, and uranium processing facility in the United States; records on every individual licensed to operate or supervise nuclear reactors; and information on the design and process of nuclear material transport all live on the NRC's system,” the report said.