US Treasury's intelligence network vulnerable to hack

By on
US Treasury's intelligence network vulnerable to hack

Audit finds connected devices not meeting infosec standards.

Lax security left the US Treasury's system for tracking overseas threats to America's financial system vulnerable to hackers, according to a government audit prepared in late 2014.

The treasury foreign intelligence network is used by US spy agencies to share top-secret information and to keep tabs on the impact of sanctions against countries such as Iran and Russia, as well as militant groups like Hezbollah.

The report, prepared in September 2014, gave no indication the foreign intelligence network had been hacked. But auditors found up to 29 percent of Treasury's devices connected to the intelligence network did not meet federal cybersecurity standards.

"As a result ... devices may not be protected with the most secure recommended configurations, increasing the risk of being compromised," the Treasury's Office of Inspector General said.

A copy of the audit was obtained through a US Freedom of Information Act request. A Treasury official said the OIG had identified a "minor issue on a very secure system."

"Since the release of the audit, Treasury has remedied this matter," the official said.

The report comes to light following the theft by hackers of millions of US government personnel files. America's intelligence chief has said that hack was linked to China, although US officials say the government does not plan to publicly blame Beijing.

Intelligence analysts use the Treasury's system to identify overseas threats to America's economy and finances. Treasury secretary Jack Lew last year said the prospect of a cyber attack on the US financial system was a "real threat" to national security.

The Treasury's intelligence system is also used to assess the economic disruption caused by US sanctions on targeted countries, groups and individuals.

Treasury originally designed its foreign intelligence network in 2004 to be used by about 30 officials but built up the system to accommodate more users as America stepped up its global campaign against al Qaeda and other militant groups.

Between March and May of 2014, OIG auditors conducting an annual review of Treasury's cybersecurity found some computers using Microsoft's Windows had not been properly configured.

That meant network engineers would have trouble updating security software for the sensitive network's computers, servers and printers, the audit said.

This was not the first time auditors had found the top-secret Treasury system lacking. In a 2008 audit, the OIG found the Treasury foreign intelligence network was slow in upgrading a system that had relied on "antiquated hardware and software."

In a letter attached to the 2014 report, the Treasury's top intelligence officer, S. Leslie Ireland, said she agreed with the OIG's findings.

Treasury officials were already working to close the security gap and planned to finish that job by April 2015, about six months after the audit, Ireland said.

Tags:

Most Read Articles

Log In

Username:
Password:
|  Forgot your password?