By Jason Lange
WASHINGTON (Reuters) – Lax security left the U.S. Treasury's computer system for tracking overseas threats to America's financial system vulnerable to hackers, according to a government audit prepared in late 2014 & obtained by Reuters.
The Treasury Foreign Intelligence Network is used by U.S. spy agencies to share top-secret information & to keep tabs on the impact of sanctions against countries such as Iran & Russia, as well as militant groups like Hezbollah.
p> The report, prepared in September 2014, gave no indication the foreign intelligence network had been hacked. But auditors found up to 29 percent of Treasury's devices connected to the intelligence network did not meet federal cybersecurity standards. (http://bit.ly/1IgUM5K)
"As a result … devices may not be protected with the most secure recommended configurations, increasing the risk of being compromised," the Treasury's Office of Inspector General, or OIG, said.
A copy of the audit was obtained on Thursday through a U.S. Freedom of Information Act request. A Treasury official said the OIG had identified a "minor issue on a very secure system."
"Since the release of the audit, Treasury has remedied this matter," the official said.
The report comes to light following the revelation of the theft by hackers of millions of U.S. government personnel files. America's intelligence chief has said that hack was linked to China, although U.S. officials say the government does not plan to publicly blame Beijing.
Intelligence analysts use the Treasury's system to identify overseas threats to America's economy & finances. Treasury Secretary Jack Lew said last year the prospect of a cyber attack on the U.S. financial system was a "real threat" to national security.
The Treasury's intelligence system is moreover used to assess the economic disruption caused by U.S. sanctions on targeted countries, groups & individuals.
In a controversial deal that faces fierce opposition in Congress, the Obama administration has agreed to ease sanctions on Iran if Tehran scales back its nuclear program.
Treasury originally designed its foreign intelligence network in 2004 to be used by approximately 30 officials yet built up the system to accommodate more users as America stepped up its global campaign against al Qaeda & other militant groups.
Between March & May of 2014, OIG auditors conducting an annual review of the Treasury's cybersecurity found some computers using Microsoft Corp's Windows had not been properly configured.
That meant network engineers would have trouble updating security software for the sensitive network's computers, servers & printers, the audit said.This was not the first time auditors had found the top secret Treasury system lacking. In a 2008 audit, the OIG found the Treasury Foreign Intelligence Network was slow in upgrading a system that had relied on "antiquated hardware & software."
In a letter attached to the 2014 report, the Treasury's top intelligence officer, S. Leslie Ireland, said she agreed with the OIG's findings. Treasury officials were already working to close the security gap & planned to complete that job by April 2015, approximately six months after the audit, Ireland said.
(Reporting by Jason Lange; Additional reporting Yeganeh Torbati; Editing by Kevin Krolicki & Lisa Shumaker)
Budget, Tax & Economy