GAO hacks Army Corps computer systemgreenspun.com : LUSENET : Grassroots Information Coordination Center (GICC) : One Thread |
October 13, 2000 DAILY BRIEFINGGAO hacks Army Corps computer system
By Tanya N. Ballard tballard@govexec.com The U.S. Army Corps of Engineers' core financial computer system is full of computer security holes, making sensitive financial data vulnerable to hackers, a new General Accounting Office study says.
The Corps' key financial system processes military engineering, construction, civil works and real estate projects. According to GAO, users with valid access, as well as hackers, could change or alter information and disclose or destroy sensitive financial data, including social security numbers and other personal information stored in the system.
GAO hired a contractor, PricewaterhouseCoopers, to test the system's vulnerabilities. The firm successfully hacked into the Corps' computer system and found serious weaknesses, according to the report, "Financial Management: Significant Weaknesses in Corps of Engineers' Computer Controls,"(GAO-01-89).
Problem areas included: remote access to the Corps' system; users with access to unauthorized areas; infrequent logging and monitoring of individuals' access to stored data; and the absence of audit logs to detect and monitor security violations.
But Russell Fuhrman, acting commander of the Corps, disagreed with GAO's findings, and said he did not believe his agency had "pervasive weaknesses" as the report asserted.
"The Corps of Engineers' automated systems are continually being modernized and security strengthened," Fuhrman said. "We are working hard to provide the government and our customers with a safe and secure information system and financial management operating system."
Fuhrman said the release of the report is premature since his agency has already taken steps to fix many of the problems GAO identified and because PricewaterhouseCoopers has not yet completed follow-up work that might show that many of the problems are resolved.
Still, GAO stuck with its original assessment, saying that the Corps' efforts to correct weaknesses need to be institutionalized as a continuous program of risk management.
http://www.govexec.com/dailyfed/1000/101300t1.htm
-- Martin Thompson (mthom1927@aol.com), October 14, 2000
there is a point where the time and money spent to secure information is more than the information is worth. in my opinion we are rapidly reaching that point. no effort can prevent info loss if someone wants it.
-- lee blocher (cblocher@northernway.net), October 14, 2000.