The report analyzed the wireless security controls at 24 agencies and assessed the security of WLANs at the headquarters of six agencies in Washington, D.C.
"The wireless networks at the six federal agencies we tested were not secure. Specifically, we were able to detect wireless networks at each of the agencies from outside their facilities," GAO analysts said in their report. "Wireless-enabled devices were operating with insecure configurations at all six of the agencies."
In one agency, more than 90 laptops were not configured securely, according to the GAO report, which added: "Finally, there was unauthorized wireless activity at all of the agencies that had not been detected by their monitoring programs."
Most federal agencies in the study did not even have wireless network monitoring to ensure policy compliance and detect unauthorized wireless devices, the report noted. Eighteen agencies did not provide wireless security training for their employees and contractors. Thirteen had not established secure configuration requirements.
The GAO recommended that the director of the Office of Management and Budget (OMB) direct agencies to ensure that WLAN secruity is addressed in their infosec programs. OBM agreed with the recommendation and outlined actions to address it.
As reported in SC Magazine, the U.S. Department of Homeland Security failed to meet user needs or to conduct enough security testing by rushing development of a secure network for sensitive data, according to a report by the DHS inspector general.