US Treasury Intelligence Network Nodes Below Security Standards
An audit conducted last year and compiled in a report states that certain important US Treasury computer systems do not meet Federal cybersecurity standards. Reuters filed a Freedom of Information Act request for the report, which was filed last September, and what they found inside was cause for alarm.
The Treasury Foreign Intelligence Network is a subset of the Treasury that aids US and allied spies in monitoring the financial activity of enemies and in monitoring US foreign policy, such as the sanctioning of trade in Iran. For that reason, the network is incredibly sensitive, but up to 29% of the nodes on the Intelligence Network did not meet basic federal cybersecurity standards as laid out in the Federal Information Security Management Act (FISMA). The report mentions that they did not even audit the network for a more recent standard.
The 30-page document is positive overall about Treasury’s security practices but mentions several times that vulnerabilities have yet to be addressed.
Across the government, it seems, there are computer systems with access to sensitive data that are not properly secured. Even if the guidelines in FISMA are followed, no computer will ever be immune to hacking, as any security professional will tell you. There will always be new flaws and exploits, and at the end of the day, a perfect system would still be used by imperfect human beings.
There have been no exploits making use of the weak security on TFIN as of yet, and a year has passed since the report was published.
Update from Treasury Spokesperson:
Treasury is committed to maintaining secure IT networks and complying with the Federal Information Security Management Act. The Inspector General’s 2014 audit identified a minor issue on a very secure system. Since the release of the audit, Treasury has remedied this matter.