Members of Congress threw “$10 million” in additional funding to the [chief administrative officer (CAO)] in order to enhance their cybersecurity program” in June 2017. The move followed repeated cybersecurity threats against members of Congress, including the detection of what an IG report called “unauthorized access” by Awan. They also had the CAO and others propose how best to clamp down on vulnerabilities. But the CAO revealed Thursday that members blocked the resulting proposal, which called for eliminating Awan’s job category, that of a floating IT aide accountable only to members.
System administrators like Awan “hold the ‘keys to the kingdom,’ meaning they can create accounts, grant access, view, download, update, or delete almost any electronic information within an office,” Inspector General Michael Ptasienski said at the House hearing.
“A rogue system administrator could inflict considerable damage to an office and potentially disclose sensitive information, perform unauthorized updates, or simply export or delete files,” he continued. “A rogue system administrator could take steps to cover up his/her actions and limit the possibility that their behavior being detected or otherwise traced back to them.”
House Chief Administrative Officer Phil Kiko testified that experts found “two dozen” problems with the way the House managed cybersecurity. “Enforcement gaps range from improper vetting of the employees themselves, to unfettered access to House accounts and use of non-approved software and/or cloud services, to the use of unauthorized equipment … far too many have privileged access to the House network with...Read More HERE
No comments:
Post a Comment