Washington’s Next Hacking Target? An agency holding 139 million Social Security numbers fails cyber test.

http://www.wsj.com/articles/washingtons-next-hacking-target-1454371917

If you think the Department of Education is making a mess of the student-loan program, you should see how it manages technology. Recurring failures documented by internal and external auditors have House Oversight Chairman Jason Chaffetz warning that the agency could be Washington’s next cyber-disaster.

The education department doesn’t hold nuclear launch codes. But its vast data trove on student-loan borrowers and their parents—and the nearly $100 billion it disburses in new loans every year—are reason enough to want the bureaucrats to prevent digital intrusions. Mr. Chaffetz says the bureaucracy now holds, among other things, 139 million Social Security numbers in its digital files.

The stakes go well beyond personal privacy. Federal student loans outstanding exceed $1 trillion, and Team Obama is trying to forgive those debts. It would add injury to injury if cyber-fraudsters were able to pile on for a taxpayer plundering. A Tuesday oversight hearing will explore the department’s failure to protect its information from cyber-attack, as well as the conduct of its chief information officer.

Department of Education Inspector General Kathleen Tighe reported in November that her team has been “finding the same deficiencies over and over again” regarding information security. Since 2009 independent auditors “have found persistent IT control deficiencies in key financial systems,” she said.

The 2015 internal audit of information security revealed more problems, including an “inability to detect unauthorized devices connecting to the network.” The IG also flagged “key weaknesses” in “internal intrusion detection and prevention of system penetrations.” Specifically, her team was “able to gain full access to the Department’s network and our access went undetected” by both the contractor overseeing the system and the department’s information office.

Perhaps this was because the CIO’s office was engaged in other, less pressing matters. Confidential internal documents we have reviewed show that the IG’s office has been investigating CIO Danny Harris for years for possible misuse of his position and government property, among other alleged transgressions.

In 2013 Assistant IG William Hamel reported to Deputy Secretary Tony Miller that Mr. Harris “operated outside business ventures” in which he employed department subordinates and received payments from subordinates and others “for installing home theaters and detailing their cars.”

Mr. Harris did not return a phone call on Monday, but in his prepared testimony for Tuesday’s hearing he says that he has ceased having financial relationships with members of the department, that he made no money on the car detailing, and that he has amended his tax returns to reflect previously unreported income from the home theater installations.

That’s good to know, though we hope someone asks Mr. Harris’s superiors if they think such behavior is kosher for a senior federal official. After the catastrophic Chinese hack of the Office of Personnel Management, the feds need top-flight information officials—not men or women who view it as a sinecure with plenty of time to run other businesses.
