90 Miles From Tyranny : Congressmen Repeatedly Failed To Supervise IT Aides With ‘Keys To The Kingdom,’ Officials Say


Tuesday, April 17, 2018


Only one IT aide currently working directly for members of Congress has ever completed a background check, members’ data have been improperly mixed with other members’ data, and members provided almost no supervision, officials revealed Thursday in a House hearing spurred by “egregious” violations by former IT aide Imran Awan.

Members of Congress threw “$10 million in additional funding to the [chief administrative officer (CAO)] in order to enhance their cybersecurity program” in June 2017. The move followed repeated cybersecurity threats against members of Congress, including the detection of what an IG report called “unauthorized access” by Awan. They also had the CAO and others propose how best to clamp down on vulnerabilities. But the CAO revealed Thursday that members blocked the resulting proposal, which called for eliminating Awan’s job category, that of a floating IT aide accountable only to members.

System administrators like Awan “hold the ‘keys to the kingdom,’ meaning they can create accounts, grant access, view, download, update, or delete almost any electronic information within an office,” Inspector General Michael Ptasienski said at the House hearing.

“A rogue system administrator could inflict considerable damage to an office and potentially disclose sensitive information, perform unauthorized updates, or simply export or delete files,” he continued. “A rogue system administrator could take steps to cover up his/her actions and limit the possibility that their behavior being detected or otherwise traced back to them.”

House Chief Administrative Officer Phil Kiko testified that experts found “two dozen” problems with the way the House managed cybersecurity. “Enforcement gaps range from improper vetting of the employees themselves, to unfettered access to House accounts and use of non-approved software and/or cloud services, to the use of unauthorized equipment … far too many have privileged access to the House network with...
