Bureau told to plug security gaps
By Judi Hasson
Sep 21, 2001
GAO letter to Bureau of Public Debt
The Bureau of the Public Debt, which manages more than $5 billion a year, must overhaul its computer security to protect against unauthorized disclosure of financial information and other data, according to the General Accounting Office.
If left uncorrected, holes in the computer system could "increase the risk of inappropriate disclosure or modification of sensitive information or disruption of critical operations," the watchdog agency said.
Although the bureau has some computer controls that detect potential "irregularities or improprieties in its financial data or transactions," they are not preventive controls, GAO officials said in a letter to the bureau dated Sept. 13.
"Thus, BPD's computer resources or operating environment are exposed to threats such as unintentional errors or omissions or intentional modification...or destruction of data and programs by disgruntled employees or intruders," according to GAO.
Bureau officials had no immediate comment on the problem, but GAO analysts said the bureau is fixing some of the vulnerabilities pointed out in earlier GAO reports.
Among the security gaps GAO cited:
* The bureau's password requirements for access control did not comply with industry standards.
* Although metal detectors operated properly, improvements could be made to other physical safeguards, such as locks, guards and alarms.
* During a power outage, the backup power system did not operate properly, which could increase the risk of individuals gaining unauthorized access to data.