While the Education Department has strengthened its information security programs, an internal audit said "longstanding weaknesses" could potentially leave systems vulnerable to serious threats. The department's inspector general said it had identified about a half dozen issues from reports in previous fiscal years. In some cases, the department didn't implement fixes even though it said it had done so.
The Nuclear Regulatory Commission needs to perform continuous monitoring of its information systems and update its system security plans, according to a recently released internal audit.
The IG's report listed a number of challenges across the Homeland Security Department over the last year through investigations and audits, but it didn't contain any recommendations.
As cyber threats, attacks and espionage escalate against the United States, the Justice Department needs to make sure it's properly addressing these issues in a coordinated manner and sharing critical information with industry, among other measures, the inspector general said.
Several major electronic privacy organizations have filed amicus briefs, supporting the Federal Trade Commission's lawsuit against Wyndham Worldwide Corp. that, the commission alleged, failed to protect consumer information.
The Postal Service breach announced Nov. 10 serves as yet another example of the vulnerabilities found in federal IT systems, said Sen. Tom Carper (D-Del.) in a statement emailed to members of the press. Carper is using the USPS breach as an opportunity to garner support for cyber legislation that has repeatedly become a back-burner issue on the Hill.
A Naval research laboratory is helping Marine Corps intelligence improve its cybersecurity environment, and these activities could potentially be expanded across the entire service, Defense Department and other governmental organizations.
Steps taken by the Federal Energy Regulatory Commission have improved its unclassified cybersecurity program, including the management of software upgrades and fixes, according to a review by the Energy Department's inspector general.
The Internal Revenue Service failed to consistently document when it made exceptions to its own information technology security policies and requirements based on suitable justifications and a thorough assessment of potential risks, finds a Treasury Inspector General for Tax Administration report (pdf) dated Sept. 22 but only issued publicly Nov. 6.
Many federal agencies are not satisfied with the state of information governance at their agencies, according to a new survey. Seventy-six percent have an enterprisewide information governance strategy but only 22 percent say it's "very effective," finds a survey of 152 federal government attorneys, IT executives, Freedom of Information Act agents and records managers published by Symantec Nov. 6.