Government agencies are leaving sensitive data about nuclear plants on unprotected drives, using simple passwords that are easy to crack and failing to install simple software updates and security patches, according to a new report from the Senate Homeland Security and Governmental Affairs Committee.
The analysis from Republicans on the panel found a slew of lapses and “general sloppiness” at the federal government. That's making it easier for hackers to take control of critical infrastructure and break into networks.
Last year, hackers allegedly broke into the Federal Communications Commission’s Emergency Broadcast System and caused TV stations in Michigan, Montana and North Dakota to broadcast warnings about a fictional zombie attack.
Additionally, the analysis discovered that employees at the Department of Homeland Security used passwords like “password” or their username to protect sensitive databases of information.
“Examples like those underscore for many the importance of increased federal involvement in protecting the nation’s privately-owned critical infrastructure,” the report said. “But for one thing: Those failures aren’t due to poor practices by the private sector.”
Instead, the analysis lists a number of “real lapses by the federal government."
Data beaches at Target, Neiman Marcus and other top businesses have exposed more than 100 million people’s personal or financial data. News of those hacks has spurred calls in Congress for a new law to protect sensitive data, but the committee’s new report makes a case for beefing up security at government networks as well.