An editorial in today’s Wall Street Journal titled “Washington’s Next Hacking Target?” warns that the U.S. Department of Education could be a cybersecurity disaster. A congressional hearing today was scheduled to explore the department’s failure to protect data from cyberattack. The department data includes information on $100 billion in student loans every year.
Following the Chinese hack of the Office of Personnel Management, the government needs top flight information officials and not people who view it as a sinecure with time to run other businesses, the editorial noted.
Chairman Cites Recurring Failures
House Oversight Chairman Jason Chaffetz cited recurring failures at the department documented by external and internal auditors. He said the department’s data on student loan borrowers and their parents are a reason to make sure the bureaucrats prevent digital intrusions. He also noted that the bureaucracy holds 139 million Social Security numbers digitally.
Outstanding student loans exceed $1 trillion and President Obama has expressed interest in forgiving these debts. “It would add insult to injury if cyber-fraudsters were able to pile on for a taxpayer plundering,” the editorial stated.
Kathleen Tighe, the inspector general (IG) for the education department, reported in November that deficiencies were repeatedly occurred in information security. Auditors found persistent IT control shortcomings in key financial systems since 2009, she said.
A 2015 internal audit of information security found more problems, such as an inability to detect unauthorized devices connecting to the network.
The inspector general also noted key weaknesses in internal intrusion detection and system penetration prevention. She noted her team was able to gain full access to the department network which went undetected by the contractor overseeing the system and the department itself.
Also read: Report: State-sponsored Chinese hackers targeted U.S. firms even after recent cyber pact
IG Investigates CIO
The inspector general’ office has also been investigating Danny Harris, CIO, over possible misuse of government property as well as other transgressions, based on internal documents The Wall Street Journal has reviewed.
William Hamel, the assistant inspector general, in 2013 reported that Harris operated outside business ventures whereby he employed department subordinates and took payments from them and others for detailing their cars and installing home heaters.
Harris said in his prepared testimony that he has ended financial relationships with the department and made no money from the car detailing and has amended his tax returns to reflect previously-unreported income form home theater installations.
Image from Shutterstock.