The US Department of Homeland Security (DHS) has utterly failed an extensive cyber-security audit conducted by the agency’s own Inspector General (IG).
Indeed, the DHS US-CERT office is currently plagued by at least 600 vulnerabilities that could compromise sensitive data, including 202 which have been classified as high-risk.
“Adequate security controls have not been implemented on the [Mission Operating Environment] to protect the data processed from unauthorized access, use, disclosure, disruption, modification, or destruction,” the IG confirmed in a recently published report.
“The results of our vulnerability assessments revealed that [National Cyber Security Division] is not applying timely security and software patches on the [Mission Operating Environment].”
According to the IG, the majority of vulnerabilities were traced to popular apps and platforms such as Microsoft Word, Adobe Acrobat and Java – rather than basic OS level breaches.
As such, the Inspector recommended that the DHS immediately patch and updated its systems – particularly the ones located in the department’s Virginia HQ.
Meanwhile, DHS spokeswoman Amy Kudwa confirmed that the agency had already implemented “a software management tool [to] automatically deploy operating-system and application-security patches and updates to mitigate current and future vulnerabilities.”