Federal Manager's Daily Report

Commerce’s Bureau of Industry and Security could not detect the attacks until the IG intentionally acted to trigger alerts, and the IG said the response was ineffective. Image: eamesBot/Shutterstock.com

A simulated attack by the inspector general’s office at the Commerce Department found weaknesses in a component’s cyber defenses, the latest in a series of such findings at that department and elsewhere in government.

The test was made against Commerce’s Bureau of Industry and Security, whose role includes oversight of export controls helps restrict the proliferation of weapons of mass destruction and the means of delivering them, making it and the department “attractive targets for sophisticated state sponsored adversaries,” said a report.

Without naming the systems tested, the report said that “We found that BIS did not effectively detect and respond to our simulated malicious activities. BIS could not detect our attacks until we intentionally acted to trigger alerts. Once BIS was alerted, its response was not effective at containing the potential damage and eradicating our access to its networks.”

It also found that BIS lacked effective detection and response capabilities to handle our simulated malicious activities; misconfigured critical security controls for its export control networks; and mishandled classified and other privileged credentials in a way that “allowed us to expand our attacks and avoid containment.”

“If BIS does not improve its current capabilities, advanced adversaries could significantly harm sensitive U.S. export control efforts, which in turn affects national security,” it said, adding that BIS concurred its recommendations and described actions it has taken or plans to take to address them.

The report follows similar findings in recent years from simulated cyberattacks by the IG of other Commerce components, as well as by the IGs of several other agencies.

Deferred Resignation Periods about to End for Many; Overall 12% Drop

Retirement Surge Likely as Deferred Resignation Periods End

Senate Rejects Bills to Defer Shutdown; Familiar Process Lies Just Ahead

Senate Bill Would Override Trump Orders against Unions

Report Describes Impact of Shutdown on Employees, Agencies

TSP Adds Detail to Upcoming Roth Conversion Feature

See also,

How to Handle Taxes Owed on TSP Roth Conversions? Use a Ladder

The Best Ages for Federal Employees to Retire

Best States to Retire for Federal Retirees: 2025

Pre-RIF To-Do List from a Federal Employment Attorney

Primer: Early out, buyout, reduction in force (RIF)

2025 Federal Employees Handbook