Bureau told to plug security gaps

GAO letter to Bureau of Public Debt

Related Links

The Bureau of the Public Debt, which manages more than $5 billion a year, must overhaul its computer security to protect against unauthorized disclosure of financial information and other data, according to the General Accounting Office.

If left uncorrected, holes in the computer system could "increase the risk of inappropriate disclosure or modification of sensitive information or disruption of critical operations," the watchdog agency said.

Although the bureau has some computer controls that detect potential "irregularities or improprieties in its financial data or transactions," they are not preventive controls, GAO officials said in a letter to the bureau dated Sept. 13.

"Thus, BPD's computer resources or operating environment are exposed to threats such as unintentional errors or omissions or intentional modification...or destruction of data and programs by disgruntled employees or intruders," according to GAO.

Bureau officials had no immediate comment on the problem, but GAO analysts said they are fixing some of the vulnerability problems pointed out in earlier GAO reports.

Among the security gaps GAO cited:

* The bureau's password requirements for access control did not comply with industry standards.

* Although metal detectors operated properly, improvements could be made to other physical safeguards, such as locks, guards and alarms.

* During a power outage, the backup power system did not operate properly, which could increase the risk of individuals gaining unauthorized access to data.

Featured

  • Defense
    Soldiers from the Old Guard test the second iteration of the Integrated Visual Augmentation System (IVAS) capability set during an exercise at Fort Belvoir, VA in Fall 2019. Photo by Courtney Bacon

    IVAS and the future of defense acquisition

    The Army’s Integrated Visual Augmentation System has been in the works for years, but the potentially multibillion deal could mark a paradigm shift in how the Defense Department buys and leverages technology.

  • Cybersecurity
    Deputy Secretary of Homeland Security Alejandro Mayorkas  (U.S. Coast Guard photo by Petty Officer 3rd Class Lora Ratliff)

    Mayorkas announces cyber 'sprints' on ransomware, ICS, workforce

    The Homeland Security secretary announced a series of focused efforts to address issues around ransomware, critical infrastructure and the agency's workforce that will all be launched in the coming weeks.

Stay Connected