Border Patrol Fails To Secure Financial System
A Department of Homeland Security report indicates that the U.S. Customs and Border Patrol has failed to correct a series of "significant" security deficiencies in its financial system.
September 3, 2010
U.S. Customs and Border Patrol (CBP) is not taking even the most basic security measures to protect its financial system, according to the Department of Homeland Security's (DHS) inspector general. An independent audit (PDF) conducted by KPMG for the DHS found that between 2008 and 2009, the CBP has not addressed problems in protecting its financial data that were observed in a 2008 audit of the system, resulting in a "significant deficiency for financial system security."
Some parts of the report were redacted for security reasons. However, the report makes it clear that the CBP has not implemented even some of the most basic security -- such as installing anti-virus software on desktops -- to protect financial data. According to the report, the CBP does not maintain a current inventory of desktops with access to its financial system, nor does it conduct third-party review of changes made to system users' access rights.Moreover, a control option to limit the number of failed log-on attempts for system users is not configured correctly, according to the report. The CBP also has not configured its security system with parameters for mainframe audit and system utility logs to collect appropriate data for its financial system; audit logs are not being reviewed on a regular basis, and the agency does not maintain authorizations for personnel that have administrator access to the system.
There was some good news in the report. The CBP has taken some action to improve some deficiencies the inspector general found previously. For instance, the agency has made improvements to the tracking of security awareness completion, the controlling of emergency and temporary access to the system and the recertification of National Data Center (NDC) Local Area Network (LAN) accounts, according to the report. Still, the Inspector General has made more than 25 recommendations to the CBP to improve the security of its financial system. The agency agrees with the findings and recommendations, and is developing a plan to address them, according to the report.
About the Author(s)
You May Also Like
Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024Safeguarding Political Campaigns: Defending Against Mass Phishing Attacks
May 16, 2024Why Effective Asset Management is Critical to Enterprise Cybersecurity
May 21, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024