Report: Government PCs are vulnerable

WASHINGTON--Government computers that handle trillions of dollars in tax refunds and Social Security benefits remain vulnerable to cyberattacks despite previous warnings, a government report released Monday said.
The report by the General Accounting Office, Congress' investigative arm, found that computer-security controls at the Treasury Department's Financial Management Service remain lax, despite warnings dating back to 1997.

"Billions of dollars of payments and collections are at significant risk of loss or fraud, sensitive data are at risk of inappropriate disclosure, and critical computer-based operations are vulnerable to serious disruptions," the report said.

The FMS pays out more than $1.9 trillion annually for Social Security and veterans benefits, tax refunds and federal employee salaries. The system also administers most federal government collections, taking in $2 trillion in taxes, fines and duties.

The GAO report found weaknesses at nearly every point in the system, including the following:
- inadequate access controls, such as passwords and locks.
- poorly administered system software, including duplicate or obsolete programs.
- poor segregation of employee duties, giving certain employees more control than they should have had.
- no comprehensive security program that covered the entire system.

The GAO recommended that the FMS install a comprehensive security management program and fix individual weaknesses identified in a confidential version of the report.

http://zdnet.com.com/2100-1105-829436.html