A Department of Homeland Security report indicates that the U.S. Customs and Border Patrol has failed to correct a series of "significant" security deficiencies in its financial system.
September 3, 2010
U.S. Customs and Border Patrol (CBP) is not taking even the most basic security measures to protect its financial system, according to the Department of Homeland Security's (DHS) inspector general. An independent audit (PDF) conducted by KPMG for the DHS found that between 2008 and 2009, the CBP has not addressed problems in protecting its financial data that were observed in a 2008 audit of the system, resulting in a "significant deficiency for financial system security."
Some parts of the report were redacted for security reasons. However, the report makes it clear that the CBP has not implemented even some of the most basic security -- such as installing anti-virus software on desktops -- to protect financial data. According to the report, the CBP does not maintain a current inventory of desktops with access to its financial system, nor does it conduct third-party review of changes made to system users' access rights.Moreover, a control option to limit the number of failed log-on attempts for system users is not configured correctly, according to the report. The CBP also has not configured its security system with parameters for mainframe audit and system utility logs to collect appropriate data for its financial system; audit logs are not being reviewed on a regular basis, and the agency does not maintain authorizations for personnel that have administrator access to the system.
There was some good news in the report. The CBP has taken some action to improve some deficiencies the inspector general found previously. For instance, the agency has made improvements to the tracking of security awareness completion, the controlling of emergency and temporary access to the system and the recertification of National Data Center (NDC) Local Area Network (LAN) accounts, according to the report. Still, the Inspector General has made more than 25 recommendations to the CBP to improve the security of its financial system. The agency agrees with the findings and recommendations, and is developing a plan to address them, according to the report.
About the Author(s)
You May Also Like
The fuel in the new AI race: Data
April 23, 2024Securing Code in the Age of AI
April 24, 2024Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024