The audit follows one in 2022 where the IG found more than 7,000 instances of unauthorized software on the EPA network. Image: kmls/shutterstock.com
An inspector general audit has found unauthorized software on the computers of more than 100 EPA employees and contractors–including software that makes it appear that the user is active on a computer that actually is dormant—that it said “represent critical cybersecurity risks and ethics violations for the agency.”
The report said that “mouse jiggler” software, which prevents the computer from entering sleep mode and locking out its user, “can have legitimate uses” such as to keep a computer active while lengthy updates or backups are underway, or during maintenance or repair work.
For that reason, some IT employees apparently believed they were exempt from the ban on such software, the report said. However, the EPA has not approved any such uses, and such software also was found on computers of non-IT employees, including supervisors.
“Furthermore, we discovered inconsistencies in how quickly the regional offices acted to remove the jiggler software after it was detected,” it said.
The audit follows one in 2022 where the IG found more than 7,000 instances of unauthorized software on the EPA network, “including foreign software and malware programs that gather user information, allow remote control of the EPA user’s computer, and have a history of being used for targeted attacks.” The EPA carried out several improvements in response to that report, it said, including warning computer users that installing or using unauthorized software not only violates rules of behavior but also can result in criminal charges.
The report made recommendations including that the EPA perform a global network scan to identify and remove jiggler and other unauthorized software, put in place tools to prevent such software from being installed, conducting regular scans, and ensuring consistency in responses, including disciplinary actions for violations. Because the report was in the nature of a management alert, there was no response from the EPA.
The report is the latest in a recent series from the IGs of agencies including ICE, SBA, USPS and GPO finding unauthorized software on agency-issued computers and smart phones that similarly raised concerns about potential security breaches.
Deferred Resignation Periods about to End for Many; Overall 12% Drop
Retirement Surge Likely as Deferred Resignation Periods End
Senate Rejects Bills to Defer Shutdown; Familiar Process Lies Just Ahead
Senate Bill Would Override Trump Orders against Unions
Report Describes Impact of Shutdown on Employees, Agencies
TSP Adds Detail to Upcoming Roth Conversion Feature
See also,
How to Handle Taxes Owed on TSP Roth Conversions? Use a Ladder
The Best Ages for Federal Employees to Retire
Best States to Retire for Federal Retirees: 2025