DHS fails cyber-security audit

The US Department of Homeland Security (DHS) has utterly failed an extensive cyber-security audit conducted by the agency’s own Inspector General (IG).

Indeed, the DHS US-CERT office is currently plagued by at least 600 vulnerabilities that could compromise sensitive data, including 202 which have been classified as high-risk.

“Adequate security controls have not been implemented on the [Mission Operating Environment] to protect the data processed from unauthorized access, use, disclosure, disruption, modification, or destruction,” the IG confirmed in a recently published report.

“The results of our vulnerability assessments revealed that [National Cyber Security Division] is not applying timely security and software patches on the [Mission Operating Environment].”

According to the IG, the majority of vulnerabilities were traced to popular apps and platforms such as Microsoft Word, Adobe Acrobat and Java – rather than  basic OS level breaches.

As such, the Inspector recommended that the DHS immediately patch and updated its systems – particularly the ones located in the department’s  Virginia HQ. 

Meanwhile, DHS spokeswoman Amy Kudwa confirmed that the agency had already implemented “a software management tool [to] automatically deploy operating-system and application-security patches and updates to mitigate current and future vulnerabilities.”