DoD Wide Open To Social Media Hackers: GAO
Posted on
Washington: For computer hackers looking to get into the Defense Department’s most sensitive networks, the answer may be as simple as sending a Facebook friend request.
The increasing use of social networking sites, like Facebook and LinkedIn, by federal employees across the U.S. government has exposed critical cybersecurity gaps in those agencies, reports our Huffington Post colleague Gerry Smith.
Citing a recent Government Accountability report, Smith writes that virtually all of the 25 U.S. government agencies use social networking sites, but less than one-third have set up security measures to protect against hackers gaining access to agency networks via those sites.
“Most agencies did not have documented assessments of the security risks that social media can pose to federal information or systems, which could result in the loss of sensitive information or unauthorized access to critical systems supporting the operations of the federal government,” the GAO report states.
Smith noted that some agencies, like the Department of Health and Human Services, have blocked the use of sites like Twitter and YouTube, except when they are being used for “business needs”
However others, such as the State Department, told GAO auditors they had no plans to reboot their cybersecurity measures for social media.
In response to the report, Acting Assistant Secretary of Defense For Networks and Information Integration Teri Takai said the Pentagon was wrapping up a “privacy impact assessment” on the use of social media on DoD networks.
The assessment, which “evaluates potential privacy risks associated with agency use of social media services and identifies protections to address those risks,” will be done by the end of this month, she said in a May 27 letter to the GAO.
DoD has been on a cybersecurity kick in recent months, releasing its first ever cyber strategy this month. Shortly before the strategy’s release, Madelyn Creedon, the White House’s to oversee cyber policy said that a cyber attack could “absolutely” be considered an act of war.
Subscribe to our newsletter
Promotions, new products and sales. Directly to your inbox.