A Department of Homeland Security report indicates that the U.S. Customs and Border Patrol has failed to correct a series of "significant" security deficiencies in its financial system.

Elizabeth Montalbano, Contributing Writer

September 3, 2010

2 Min Read

U.S. Customs and Border Patrol (CBP) is not taking even the most basic security measures to protect its financial system, according to the Department of Homeland Security's (DHS) inspector general. An independent audit (PDF) conducted by KPMG for the DHS found that between 2008 and 2009, the CBP has not addressed problems in protecting its financial data that were observed in a 2008 audit of the system, resulting in a "significant deficiency for financial system security."

Some parts of the report were redacted for security reasons. However, the report makes it clear that the CBP has not implemented even some of the most basic security -- such as installing anti-virus software on desktops -- to protect financial data. According to the report, the CBP does not maintain a current inventory of desktops with access to its financial system, nor does it conduct third-party review of changes made to system users' access rights.Moreover, a control option to limit the number of failed log-on attempts for system users is not configured correctly, according to the report. The CBP also has not configured its security system with parameters for mainframe audit and system utility logs to collect appropriate data for its financial system; audit logs are not being reviewed on a regular basis, and the agency does not maintain authorizations for personnel that have administrator access to the system.

There was some good news in the report. The CBP has taken some action to improve some deficiencies the inspector general found previously. For instance, the agency has made improvements to the tracking of security awareness completion, the controlling of emergency and temporary access to the system and the recertification of National Data Center (NDC) Local Area Network (LAN) accounts, according to the report. Still, the Inspector General has made more than 25 recommendations to the CBP to improve the security of its financial system. The agency agrees with the findings and recommendations, and is developing a plan to address them, according to the report.

About the Author(s)

Elizabeth Montalbano, Contributing Writer

Elizabeth Montalbano, Contributing Writer

Elizabeth Montalbano is a freelance writer, journalist, and therapeutic writing mentor with more than 25 years of professional experience. Her areas of expertise include technology, business, and culture. Elizabeth previously lived and worked as a full-time journalist in Phoenix, San Francisco, and New York City; she currently resides in a village on the southwest coast of Portugal. In her free time, she enjoys surfing, hiking with her dogs, traveling, playing music, yoga, and cooking.

See more from Elizabeth Montalbano, Contributing Writer
Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Subscribe

You May Also Like

More Insights
Webinars
More Webinars
Events
More Events

Editor's Choice

Mitre company logo
Cyberattacks & Data Breaches
Top MITRE ATT&CK Techniques and How to Defend Against ThemTop MITRE ATT&CK Techniques and How to Defend Against Them
byNate Nelson, Contributing Writer
Apr 10, 2024
4 Min Read
A medical professional wearing scrub attire clicking on a screen in front of her
Cyberattacks & Data Breaches
Round 2: Change Healthcare Targeted in Second Ransomware AttackRound 2: Change Healthcare Targeted in Second Ransomware Attack
byDark Reading Staff
Apr 8, 2024
2 Min Read
A magnifying glass being held up in front of the apple logo
Vulnerabilities & Threats
Apple Warns Users in 150 Countries of Mercenary Spyware AttacksApple Warns Users Targeted by Mercenary Spyware
byDark Reading Staff
Apr 11, 2024
1 Min Read
Reports
More Reports
White Papers
More Whitepapers
Events
More Events