Cybersecurity

USPS flooded with false malware positives

Shutterstock image (by Pavel Ignatov): Alert icon.

The U.S. Postal Service's system for handling IT security events is almost entirely reporting false positives for malware, and leaders have known about the problem but haven't fixed it, according to a recently released inspector general report.

Auditors noted that a large number of false positives can threaten a system's ability to catch and mitigate the real threats.

The IG's office analyzed the 10 program files that USPS' system most commonly referenced as malware, which represented 97 percent of malware reports in the fourth quarter of fiscal 2015.

Nearly all were bunk.

"IT security management stated they were aware that all but one of these programs were false positives based on earlier research but did not remove them due to other priorities, such as implementing new tools and processes," the auditors wrote.

A spokesperson said the report was delivered to USPS officials on May 10, but it was only made public last week.

Agency leaders agreed with the IG's recommendation to weed out false positives. Chief Information Security Officer Randy Miskanic said such work is part of the agency's ongoing security overhaul, which USPS plans to finish by the end of the year.

About the Author

Zach Noble is a former FCW staff writer.

Featured

  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.