According to a report by MeriTalk, the Social Security Administration (SSA) is demonstrating the same cyber-attack vulnerabilities as OPM did prior to its attack in 2014-2015, and it is getting the attention of Congress.
In 2015, the Department of Homeland Security conducted a penetration test designed to explore cybersecurity gaps at SSA. The DHS report showed that testers had been able to capture and exfiltrate personally identifiable information from SSA systems – systems responsible for 150 million transactions per day involving Social Security numbers, benefits, and Medicare.
A House subcommittee hearing into the vulnerabilities in late May ripped into SSA CISO Marti Eckert for her lack of information about the number of critical vulnerabilities uncovered.
Calling it an issue of leadership, not technology, Rep. Will Hurd, R-Texas, who chairs the House IT subcommittee, exclaimed:
“The DHS team was able to escalate privileges once they were inside your system and take control of your entire system. That’s a big deal,” Hurd said. “And then you have the audacity to say that Social Security meets all of the cross-agency priority cybersecurity goals. I wouldn’t pat yourself on the back. And you’re the CISO and you don’t know how many critical vulnerabilities that there were in a report that was done almost a year ago?”
MeriTalk’s report is just one of many that discuss looming cybersecurity threats. There are so many reports, in fact, that it is hard to know which to believe. DLT and SolarWinds recently teamed up to consolidate the results from a variety of recent studies and to discuss the most important takeaways and the actions agencies should consider, based on these reports, to keep their networks and systems safe.
To access the on-demand webinar, click here.