SSA has problems with unauthorized software, IG says

Agency had 197 malware incidents in past year

The Social Security Administration doesn't do enough to protect its IT systems against unauthorized installation of software, SSA Inspector General Patrick O’Carroll said in a new report.

SSA employees and contractors must get approval to install non-agency software on SSA computers. However, the policy needs improvement and is not always followed, O’Carroll wrote in the report, dated Oct. 27.

SSA’s monitoring of agency software configurations was insufficient, coordination on software was lacking between local managers and central management, and no disciplinary action was taken against the employees responsible for seven security breaches in November 2009, the report states. SSA officials said discipline was unwarranted because employees downloaded malware unintentionally.



SSA still has security and malware problems, the IG wrote. From Oct. 30, 2009, to Sept. 21, 2010, the agency had approximately 197 malware incidents in which an individual could have gained unauthorized access to or disabled SSA’s systems, the report states.

“Although we only reviewed seven software-related security incidents, the potential for a larger issue may exist if adequate controls are not implemented to prevent the installation of unauthorized software,” O’Carroll wrote.

The report recommends that SSA:

  • Consider revising its software approval policy to ensure that all software goes through a central management point, such as the Office of the CIO, and remind employees and contractors of the software policy.
  • Enforce the policy through disciplinary action, when appropriate.
  • Have all software monitoring directed by the Office of Telecommunications and Systems Operations with implementation by local managers.

SSA officials agreed with the recommendations.

About the Author

Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.
