informa
/
Risk
News

Border Patrol Fails To Secure Financial System

A Department of Homeland Security report indicates that the U.S. Customs and Border Patrol has failed to correct a series of "significant" security deficiencies in its financial system.
U.S. Customs and Border Patrol (CBP) is not taking even the most basic security measures to protect its financial system, according to the Department of Homeland Security's (DHS) inspector general. An independent audit (PDF) conducted by KPMG for the DHS found that between 2008 and 2009, the CBP has not addressed problems in protecting its financial data that were observed in a 2008 audit of the system, resulting in a "significant deficiency for financial system security."

Some parts of the report were redacted for security reasons. However, the report makes it clear that the CBP has not implemented even some of the most basic security -- such as installing anti-virus software on desktops -- to protect financial data. According to the report, the CBP does not maintain a current inventory of desktops with access to its financial system, nor does it conduct third-party review of changes made to system users' access rights.Moreover, a control option to limit the number of failed log-on attempts for system users is not configured correctly, according to the report. The CBP also has not configured its security system with parameters for mainframe audit and system utility logs to collect appropriate data for its financial system; audit logs are not being reviewed on a regular basis, and the agency does not maintain authorizations for personnel that have administrator access to the system.

There was some good news in the report. The CBP has taken some action to improve some deficiencies the inspector general found previously. For instance, the agency has made improvements to the tracking of security awareness completion, the controlling of emergency and temporary access to the system and the recertification of National Data Center (NDC) Local Area Network (LAN) accounts, according to the report. Still, the Inspector General has made more than 25 recommendations to the CBP to improve the security of its financial system. The agency agrees with the findings and recommendations, and is developing a plan to address them, according to the report.

Recommended Reading:
Editors' Choice
Kirsten Powell, Senior Manager for Security & Risk Management at Adobe
Joshua Goldfarb, Director of Product Management at F5