Thursday, November 19, 2015

Congress blasts U.S. Education Department for vulnerabilities in data bases - The Washington Post

Congress blasts U.S. Education Department for vulnerabilities in data bases - The Washington Post:

Congress blasts U.S. Education Department for vulnerabilities in data bases







The U.S. Education Department came under withering criticism — from Republicans and Democrats — at a House oversight hearing about just how vulnerable its information systems are to security threats.
Lawmakers at the hearing, held on Tuesday by the full House Oversight and Government Reform Committee, took Danny Harris, the chief information officer of the Education Department, to task for the way data is handled for more than 40 million federal student loan borrowers as well as other aid programs that serve millions more students.
The department maintains 184 information systems, with 120 managed by outside contractors, and 29 are valued by the Office of Management and Budget as “high asset,” according to the committee. In 2014, the department’s Inspector General’s Office found in a report that:
While the Department made progress in strengthening its information security program, many longstanding weaknesses remain and the Department’s information systems continue to be vulnerable to serious security threats.
Inspector General Kathleen Tighe testified that serious deficiencies remain. She said that her office had been able to penetrate some department systems without being detected. “We could have really done anything in there,” she said, saying that “outsiders” could find their way in too. She also said, “I am still concerned about the potential for breaches in the department.”
A congressional scorecard issued this month on how well federal agencies were implementing four key areas of the Federal Information Technology Acquisition Reform Act, or FITARA, gave the Education Department three Fs and one D. Harris, asked about the failing grades, said he thinks the department should have received a C — but both Democratic and Republican lawmakers made clear they didn’t agree.
On Tuesday, Harris engaged in some testy back-and-forth with lawmakers about just how secure the systems really are. Asked by North Carolina Republican Rep. Mark Meadows  if he would stake his reputation on there not being a breach of department education systems, he said he would, and then said that on a scale of 1 to 10, he would rank his confidence at a 7. Georgia Republican Rep. Jody Hice responded:
“How in the world can you give yourself a 7 out of 10 when you’re using technology that isn’t even supported?…When can we expect the system to be secure?…This is an issue, Mr. Chairman, that hits every district in this country.”
Utah Republican Rep. Jason Chaffetz, the chairman of the committee, said that the department has at least 139 million unique Social Security numbers Congress blasts U.S. Education Department for vulnerabilities in data bases - The Washington Post: