I recently came across a very interesting article regarding a severe disregard for security in federal information systems. While this article might not relate 100% to the class, most of the students in this class are also currently taking Security Architecture, and just recently completed a system security plan for a cloud service provider to receive authorization for use by federal agencies. Since it was an interesting article related to a project we just finished, I thought I would share it in my blog.
According to the article found on ArsTechnica, it was recently found that the United States Senate, as a federal agency, has not implemented basic security configurations that meet federal information security standards. Federal information security standards suggest that two-factor authentication should be used when accessing confidential information systems, for example for physical access to government buildings and when using a VPN. As part of an increase in security, the DOD started using smart cards (see below) to satisfy 2FA. While the technology used by the DOD was both practical and secure, not all federal agencies have kept up with the new standard, with only about 80% of federal agencies implementing such technology. One of the agencies that has not kept up is the United States Senate. According to a letter written by Senator Ron Wyden to the Committee on Rules and Administration, the Senate has not implemented two-factor authentication for virtual private networks or for logging into email. Even worse, instead of implementing a chip in their “smart cards”, they put an image where the chip would be.
While I am not sure if this was an attempt to seem secure or just to keep all federal cards looking the same, the fact that someone decided to make a card look secure instead of actually being secure is quite aggravating. With it being the year 2017 and the fact that this election could be considered the most controversial with respect to hacking and foreign influence, one would think government officials would be taking swift action to protect their systems. It is frustrating to see that officials held in such high authority don’t follow guidelines that are in place for federal information systems and don’t seem to care about security overall. Hopefully, Senator Wyden will create some influence to change federal agency security practices.