Back in 2015, the White House Office of Personnel Management was hit by a big hack, and the government response was pretty slow. The Government Accountability Office, which recently released a scathing report on the security of U.S. weapon systems, issued several recommendations after the hack, and just recently went back to check on the office's progress. The results of the report (PDF warning) aren't good. According to the GAO, the OPM followed up on some of the requests, but had not "demonstrated that it had fully implemented" others. The accusations include failing to "reset all passwords subsequent to the breach," failing to install critical security updates in a timely manner, and failing to stop the use of shared administrator accounts. Public scrutiny may be accelerating the agency's security efforts, as many of the recommendations were implemented this quarter. Thanks to pek for the tip.
Posted by alphaatlas
10:34 AM (CST)
However, the agency had not provided sufficient evidence that it had implemented the other 16 recommendations. These recommendations included avoiding the use of the same administrator accounts by multiple persons, implementing procedures governing the use of special privileges on a key computer, encrypting passwords while stored or in-transit across the network, and installing the latest versions of operating system software on network devices supporting a high-impact system.