In a test of cybersecurity at the Census Bureau, an IG team “was able to gain unauthorized and undetected access” to personally identifiable information of Bureau employees, a report says.
The IG said it had a “red team” conduct a test of the Bureau’s susceptibility to advanced cyber threats after it was the target of a hack in early 2020—just as that year’s census was about to start—that “came from exploiting a known vulnerability” in its virtual desktop structure. “By bypassing multiple security countermeasures and evading detection by the Bureau’s security staff, the red team demonstrated a critical threat to the Bureau’s information security,” it said.
That allowed the team, for example, to gain access to files on employees, including hiring forms with Social Security numbers, first and last names and home addresses. The team also was able to “reduce the Bureau’s defensive options . . . use insecure programs to send fake emails; and carry out malicious actions that identified 11 security weaknesses.”
Many specifics of what was done, and what the IG recommended to counter it, were redacted from the report. However, the released portions included references to issues with who was given what level of access, use of “weak” passwords and “insufficient incident detection and alerting.”