IG: DHS networks riddled with security holes

The Department of Homeland Security team tasked with protecting the government's computers must resolve hundreds of security vulnerabilities in its own networks, according to a report from the department's inspector general.

An audit of the United States Computer Emergency Readiness Team, or US-CERT, found more than 600 vulnerabilities that could compromise the agency's cybersecurity data, including 202 that were classified as high-risk. The majority related to systems in Virginia that hadn't been updated with the latest software and operating system security patches.

"Adequate security controls have not been implemented on the [Mission Operating Environment] to protect the data processed from unauthorized access, use, disclosure, disruption, modification, or destruction," states the report.

According to the report, the majority of cyber-attacks these days occur through common applications such as Microsoft Word rather than operating systems. That makes keeping software applications up-to-date more crucial than ever, particularly with regards to the Einstein system used by US-CERT to monitor government networks for security breaches.

"The results of our vulnerability assessments revealed that [National Cyber Security Division] is not applying timely security and software patches on the [Mission Operating Environment]," the report states, adding that the vulnerabilities could compromise the data on security breaches collected by Einstein.

The IG recommends the Department of Homeland Security place more emphasis on patching its systems and making sure they are updated; in its response, DHS said it has already addressed the issue.