    Cybersecurity Flaws at Department of Labor Continue the Trend of Government Cyber Failures

    A recent investigation into the Department of Labor’s (DOL) secure information systems revealed “very serious” cybersecurity flaws. Together with many other cybersecurity breaches and failures in the federal government, these flaws make it clear that the government should not be put in charge of cybersecurity regulation of the private sector.

    The DOL failed to follow basic cybersecurity practices, such as locking accounts after three failed attempts. On top of that, more than 75 percent of the accounts inspected “were granted system access privileges exceeding authorization.” Inactive accounts were also not closed in a timely manner.

    What does this mean? Any decent hacker would have been able to crack the password of a DOL employee or ex-DOL employee whose account wasn’t deactivated, and would then have a good chance of getting access to sensitive information. Considering that the DOL has access to important information—including Social Security numbers and personal data for many (if not all) workers in the U.S.—such failures are inexcusable.

    But if the government is not able to fully secure its own systems, why should we put it in charge of setting standards for the private sector? One of the major Senate proposals on cybersecurity seeks to do just that. Furthermore, President Obama is also considering an executive order with similar regulatory elements.

    A regulatory approach to cybersecurity would only create a culture of compliance, which, as evidenced by the DOL, usually results in just doing the bare minimum. Additionally, the cyber realm moves too quickly for government regulations to keep up. The most secure measure might be impenetrable today, but a month from now, hackers could have found holes in it.

    The U.S. needs to encourage dynamic cybersecurity solutions. Strong information sharing would allow the government and private sector to obtain important information to stop new and different attacks. Lawmakers should explore other solutions that leverage the private sector’s innovation and creativity, such as insurance, before resorting to government regulation.

    If the DOL’s cybersecurity failures have an upside, it is that they remind lawmakers that the government can’t just go it alone; it needs to encourage and enable private-sector solutions.


    One Response to Cybersecurity Flaws at Department of Labor Continue the Trend of Government Cyber Failures

    1. Fred M says:

      Without effective security standards, technological growth in government is impossible. Personally, I believe that since the importance of technology is going to continue to expand in the day-to-day life of all citizens, the government needs to get out of their stuffy mahogany offices and get with the times.
