The Department of Homeland Security, which is charged with protecting America’s computer infrastructure, left “significant” holes in its own cyber security, according to a new government report.
The review by the department’s own inspector general found “significant exceptions to a strong and effective information-security program,” including antiquated software that’s full of holes.
“This report shows major gaps in DHS’s own cyber security, including some of the most basic protections that would be obvious to any 13-year-old with a laptop,” fumed Oklahoma Sen. Tom Coburn, the top Republican on the Senate Homeland Security Committee.
“President Obama has called on the private sector to improve its cyber-security practices to ensure that our nation’s critical infrastructure is not vulnerable to an attack,” he said.
“DHS and other agencies must be held to at least the same standard.”
The report also found that DHS doesn’t use strong authentication protections on its own computers and fails to report security incidents when it should.
The department doesn’t keep track of cyber-security weaknesses when they’re uncovered, and doesn’t fix vulnerabilities in time, the report concludes.