While advising the public on cybersecurity, FCC failed on its own defenses
When the Federal Communications Commission's computer systems were breached in Sept. 2011, the agency decided to take action to improve cybersecurity.
But more than a year and $10 million later, investigators found the agency is back at square one. In fact, the security improvements the FCC had taken were largely useless, according to a report by the Government Accountability Office, Congress' watchdog arm.
"FCC’s information remained at unnecessary risk of inadvertent or deliberate misuse, improper disclosure, or destruction. Further, addressing these deficiencies could require costly and time consuming rework," the report said.
The FCC is the agency that regulates broadcasts from radio to television to satellite. If Beyonce had a "wardrobe malfunction" on Sunday like the Janet Jackson Super Bowl halftime show several years ago, the FCC is in charge of handing out fines to the television networks and stations in charge of the program.
It also has taken a high-profile role in cybersecurity, creating a special office to communicate threats and solutions to the public and offering small businesses advice on how to repel attacks.
Hacking attempts on government computers are up 780 percent over the past six years, according to GAO. So when FCC security was breached, the agency started the Enhanced Secured Network (ESN) project to protect its computers, and the White House Office of Management and Budget authorized it to spend $10 million on the improvements.
Investigators, however, found that little had been improved, mostly because FCC officials weren't sure what they needed in cybersecurity improvements.
"FCC deployed the initial components of the project without first fully defining security and functional requirements and without conducting required reviews of those requirements," GAO said.
Officials at the broadcast regulator didn't get control of the project from the start, investigators said, and developed a poor cost estimate, project schedule and risk assessment.
GAO said FCC officials admitted to them that the agency "lacked project management expertise" on this particular program.
The report noted this was unusual for FCC, which usually does a much better job testing and integrating new security improvements.
But without a clear idea of what they needed, FCC personnel hadn't fine-tuned the security upgrades to get the best protection, GAO said. A program to combat malicious software was installed but never fully used to help fend off attacks. Databases with stored passwords weren't always encrypted well enough.
As a result, the agency "limited the effectiveness of its security enhancements and did not sufficiently protect the initial deployments from the security threats that the project is intended to mitigate."
David Robbins, the Managing Director of FCC, said the agency would try to correct some of the mistakes noted in the GAO report, but said the security improvements have largely been successful. The investigation, he said, came at a time when the agency was trying to hurriedly make corrections, and since then improvements have been made.
"The FCC's overall network security is in a better place now as a result of the ESN project," Robbins said. "We look forward to sharing our further progress with Congress and the GAO at a later time, when these security initiatives are more fully deployed and developed."
The entire project was supposed to be completed by the end of February. But investigators expressed concern that the entire security program might have to be reworked.
"It is difficult to know whether the project’s planned completion date is realistic," GAO said. "Increased risk exists that future ESN deployments may also contain security vulnerabilities and that costly and time-consuming rework may be necessary to correct deficiencies in the completed deployments."