GAO blasts Agriculture security

January 2004 GAO report on Agriculture

Related Links

The Agriculture Department received a stinging reprimand from the General Accounting Office in January for what Congressional auditors said was a poor record of protecting electronic information.

USDA officials did not dispute GAO's assessment of the department's security weaknesses, which a report characterized as "significant, pervasive information security control weaknesses."

The USDA was one of seven federal agencies that received an F last year when Rep. Adam Putnam (R-Fla.) passed out grades on information security.

Citing USDA managers' failure to protect the perimeter of the department's network and set appropriate controls on mainframe access, GAO officials said that information about payroll and financial transactions, agricultural production and marketing estimates, and other sensitive information "are at increased risk of unauthorized disclosure, modification or loss, possibly without being detected."

In the report, which was completed Jan. 30 and publicly released today, GAO faulted the department for lacking a comprehensive program for dealing with electronic and physical security matters. Citing specific areas where the department has fallen behind, the report states that three USDA agencies had still not conducted risk assessments of their information systems. Furthermore, the department had tested the security controls on only half of its information systems in the past year, auditors found.

GAO found instances where servers were configured to allow unauthorized users to connect to the network without entering a valid user ID and password. Once connected, unauthorized users could gain access to system information, including user ID and password information.

The report also cited a USDA inspector general's report last year, which concluded that "lack of management involvement has been a key factor in agencies' poor security performance." GAO officials, in their more recent report, concurred.

Featured

  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.