Home / News / 2 Years After Massive Data Breach, OPM Still Vulnerable

2 Years After Massive Data Breach, OPM Still Vulnerable

Over two years after the Office of Personnel Management (OPM) suffered a massive data beach compromising the data of over 20 million current and former federal employees and their families, there are still notable deficiencies in the way the agency handles its information systems, according to a recent audit.

Though there have been improvements to OPM’s IT security programs, the report notes there were”significant problems with the authorization packages prepared during the sprint” conducted in 2016 to bring the agency’s IT systems up-to-date and that “there is still significant effort needed to stabilize the authorization program.”

OPM does not fully comply with the cyber-security protocol issued by the National Institute of Standards and Technology, which all federal agencies will be required to adhere to.

“Of primary concern is the fact that the assessors performing the sprint activity did not have access to enough accurate and complete information to make valid risk-based decisions about the
systems’ security posture,” said the report.

OPM isn’t sufficiently testing the security of its local area networks and wide area networks, known as LAN/WAN, according to the Inspector General’s report. “There is a significant risk, if not likelihood, that the security controls testing performed as part of the LAN/WAN authorization process did not identify security vulnerabilities that could have been detected with an appropriately thorough test,” said the report.

“The lack of a valid authorization does not necessarily mean that a system is insecure,” according to the audit. “However, it does mean that a system is at a significantly higher risk of containing unidentified security vulnerabilities.”

The audit, dated June 20, was made publicly available on July 7.

 

Check Also

Report: NGA Could Put $830M in FY 2019 Contracts Up for Competition

The National Geospatial-Intelligence Agency’s updated forecast for contracting opportunities shows that nine potential solicitations totaling …

USAF Awards Lockheed $172M Contract for Lot 2 Long-Range Anti-Ship Missiles

The U.S. Air Force has awarded Lockheed Martin (NYSE: LMT) a potential three-year, $172.1M to manufacture a …