The Patent and Trademark Office last year inappropriately connected its Public and Enterprise Wireless LAN – PEWLAN – to its operational environment, the Department of Commerce’s inspector general has found.
It said that last April the agency connected the LAN to its operational environment with minimal consideration – that is, without first identifying, implementing and documenting security controls required to protect the system through which USPTO employees and contractors can access financial and patent application information.
The agency reportedly agreed with recommendations to ensure that system owners register all systems under development in cyber security assessment and management during the initiation phase of the system development life cycle; ensure that the agency applies those processes and the risk management framework to all IT system development projects; ensure that system owners, information system security officers, technical leads, project managers, and program managers attend role-based training courses regularly; and ensure that Cybersecurity Division representatives have a role in deciding whether IT system development projects should transition to a subsequent phase, based on their assessment of the effectiveness of incorporating security into the process.