"Our ability to provide immediate response to vulnerabilities and threats ... is quickly establishing VA as a model of excellence for the rest of the federal government."
VA CIO Roger Baker says in testimony before a House panel.
The non-standardized collection device is responsible for 13 percent of the biometric records maintained by DOD, representing some 630,000 DoD records that cannot be searched automatically against FBI's database of about 94 million records.
"Without improvements, the weaknesses identified may limit program and site-level officials' ability to make informed risk-based decisions that support the protection of classified information and the systems on which it resides," says Rickey R. Hass, deputy inspector general for audits and inspections.
Attackers could leverage vulnerabilities to gain control of air traffic control systems, with intruders using unprotected computers to compromise other systems that depend on the same network, a Transportation Department audit reveals.
The Social Security Administration sold the information in a database of deceased individuals that erroneous contained the Social Security numbers, dates of birth, full names and ZIP codes of living people, the inspector general reports.
Auditors find that the SEC's IT office documented and incorporated National Institute of Standards and Technology patch requirements in its policies and procedures but that guidance wasn't always followed.
Until the IRS corrects the identified weaknesses, its financial systems and information remain unnecessarily vulnerable to insider threats, including errors or mistakes and fraudulent or malevolent acts by insiders, GAO auditors says.
Nearly 8 of 10 hard drives tested contained tax returns, Social Security numbers, names of children placed in foster homes, passwords and child abuse documentation, an audit by New Jersey authorities reveals.
Homeland Security's U.S. Citizenship and Immigration Services IT systems are vulnerable to insider threats, according to a report by the Insider Threat Center at CERT, part of the Software Engineering Institute at Carnegie Mellon University.
The latest Government Accountability Office report reflects the complexity of securing key IT systems: The administration has come far the past two years, but much more work remains to be done to secure effectively the nation's critical information infrastructure.