Author Topic: U.S. Federal Reserve System Exposed to Increased Risk of Unauthorized Access  (Read 190 times)

Online javajolt

  • Administrator
  • Hero Member
  • *****
  • Posts: 35126
  • Gender: Male
  • I Do Windows
    • windows10newsinfo.com
Federal Reserve Bank (FRB) systems are exposed to an increased risk of unauthorized access because of security weaknesses found in the U.S. Treasury Department's computing systems according to a management report issued by the U.S. Government Accountability Office (GAO).

GAO used "an independent public accounting (IPA) firm, under contract, to assist with information system testing, including follow-up on the status of FRBs’ corrective actions to address control deficiencies contained in our prior years’ reports that were not remediated as of September 30, 2017."

As part of its audit for the fiscal year that ended on September 30, 2018, performed an extensive review of all computing system controls over key financial systems maintained and operated by FRBs connected to the Schedule of Federal Debt.

As explained by GAO:

Quote
This year our audit found new weaknesses in the security of the information systems that the Treasury Department uses to keep track of and otherwise manage the debt—including one in a Federal Reserve Bank system that Treasury relies on. This new weakness, along with some unresolved earlier ones, could lead to an increased risk of unauthorized access to Federal Reserve Bank systems.
One new and two continuing security weaknesses found by GAO

During the fiscal year 2018 audit, GAO found "one new information system general control deficiency" affecting configuration management which is designed to block unauthorized or untested modifications to critical information on computing systems.

GAO also discovered two not yet addressed deficiencies found in the prior year in information system controls over key financial systems, operated by FRBs and also relevant to the Schedule of Federal Debt.

Fiscal Service's information system controls were also found to contain deficiencies which, when taken into account with previously unearthed unresolved control deficiencies, collectively classify as a significant flaw in internal control over Schedule of Federal Debt's financial reporting.

According to GAO, "Until these new and continuing control deficiencies are fully addressed, there will be an increased risk of unauthorized access to, modification of, or disclosure of sensitive data and programs."

Federal Reserve Bank currently addressing the found deficiencies

In response to the audit's findings and recommendations, the Board of Governors of the Federal Reserve System stated that FRB management is "currently addressing the new and continuing information system general control deficiencies" impacting Treasury Department's computing systems during the last fiscal year.

As further detailed in GAO's "Areas for Improvement in the Federal Reserve Banks’ Information System Controls" management report, the agency will follow up to learn of the status of the corrective procedures undertaken to rectify the deficiencies it found during the audit.

As previously reported by BleepingComputer in January, GAO released a report last year which demonstrated how poorly 23 federal civilian agencies secured their systems, with the U.S. government having to get a quick handle on the same cybersecurity issues it had to address in 2018 since, in the case of some state agencies, subpar performance is anticipated for years to come.

In a previous report issued by the Office of Inspector General (OIG), the Department of Defense (DoD) was also shown to be still lacking when it comes to the speed of addressing cybersecurity recommendations designed to reduce security risks affecting the Pentagon's network, with 266 unresolved issues dating as far as 2008 being discovered during an extensive audit.

Similar findings were also detailed in a report regarding the Audit of the DoD FY 2018 Financial Statements, where the DoD OIG said that "Across multiple DoD Components, auditors found significant control deficiencies regarding IT systems."

source
« Last Edit: March 27, 2019, 01:20:52 PM by javajolt »