Commerce’s Bureau of Industry and Security could not detect the attacks until the IG intentionally acted to trigger alerts, and the IG said the response was ineffective. Image: eamesBot/Shutterstock.com
A simulated attack by the inspector general’s office at the Commerce Department found weaknesses in a component’s cyber defenses, the latest in a series of such findings at that department and elsewhere in government.
The test was made against Commerce’s Bureau of Industry and Security, whose role includes oversight of export controls helps restrict the proliferation of weapons of mass destruction and the means of delivering them, making it and the department “attractive targets for sophisticated state sponsored adversaries,” said a report.
Without naming the systems tested, the report said that “We found that BIS did not effectively detect and respond to our simulated malicious activities. BIS could not detect our attacks until we intentionally acted to trigger alerts. Once BIS was alerted, its response was not effective at containing the potential damage and eradicating our access to its networks.”
It also found that BIS lacked effective detection and response capabilities to handle our simulated malicious activities; misconfigured critical security controls for its export control networks; and mishandled classified and other privileged credentials in a way that “allowed us to expand our attacks and avoid containment.”
“If BIS does not improve its current capabilities, advanced adversaries could significantly harm sensitive U.S. export control efforts, which in turn affects national security,” it said, adding that BIS concurred its recommendations and described actions it has taken or plans to take to address them.
The report follows similar findings in recent years from simulated cyberattacks by the IG of other Commerce components, as well as by the IGs of several other agencies.
OPM Advises Agencies on Conducting RIFs During Shutdown
Updated Shutdown Contingency Plans Show Range of Impacts
Use Shutdown as Justification for More RIFs, OMB Tells Agencies
Unions Win a Round in Court Disputes over Anti-Representation Orders
Deferred Resignation Periods End for Many; Overall 12% Drop
Senate Bill Would Override Trump Orders against Unions
See also,
How to Handle Taxes Owed on TSP Roth Conversions? Use a Ladder
The Best Ages for Federal Employees to Retire
Best States to Retire for Federal Retirees: 2025