Federal Manager's Daily Report

The Postal Service lacks a culture of cybersecurity, says an IG review conducted in the wake of disclosures of personnel information there in 2014 that in many ways anticipated the later-announced breaches of OPM’s personnel and security clearance files.

“The Postal Service had not adequately emphasized cybersecurity responsibilities as an integral part of its business operations because it had not established a cybersecurity culture to support business operations and drive behavior. Cybersecurity culture is demonstrated when staff members consider the security of information while using it, the IT group anticipates the need for security in its systems, program managers embrace security measures, and senior managers engage in cybersecurity-related decision making,” the report said.

ADVERTISEMENT

It found problems including low completion rates and weak policies for annual security awareness training; outdated systems and software; a history of poor collaboration among units; and understaffing of cybersecurity experts.

It did credit postal management with taking steps including enhanced monitoring, strengthened access management intrusion detection and authentication, and improved risk assessment.