The U.S. Government Accountability Office found several gaps in the security of wireless networks used by federal agencies and made several recommendations to enhance safety, according to a report published on Tuesday.
U.S. federal networks, including the Pentagon, have increasingly become targets of cyber attacks and hacking. The Pentagon is currently stepping up its cyber security system after hackers hijacked the Internet for over 15 minutes earlier this month.
In October, a Malaysian cyber bandit was arrested for hacking into the U.S. Federal Reserve's computer and stealing nearly half a million credit and debit card numbers.
Given these vast intrusions in cyber security, the GAO was asked to suggest several updates to its previous report on information security.
Existing government-wide guidelines and oversight efforts do not fully address agency implementation of leading wireless security practices, the GAO said.
The GAO conducted detailed testing at the Departments of Agriculture, Commerce, Transportation, Veterans Affairs and the Social Security Administration.
Most agencies had policies to support federal guidelines and leading practices, but gaps existed, particularly with respect to dual-connected laptops and mobile devices taken on international travel.
Many agencies used a decentralized structure for management of wireless, limiting the standardization that centralized management can provide, the report said.
Most agencies were missing key elements related to wireless security in their security awareness training. Twenty agencies required encryption, and four of the agencies did not require encryption for remote access, GAO said.
Encryption is crucial for information sent over a public network. As more people have access to the internet and work outside the office, agencies are compelled to give access from outside their internal networks. In such cases, without encryption, the data sent from the user's laptop is visible to anyone on the same public wireless network and is open to attack.
The GAO report also stated that agencies had insufficient practices for monitoring or conducting security assessments of their wireless networks.
Smartphones and Bluetooth have also increased the risk of security breaches. Bluetooth-enabled devices are susceptible to general networking threats and are also threatened by more specific Bluetooth-related attacks such as 'bluesnarfing,' the report said.
Bluesnarfing enables attackers to gain control over a Bluetooth-enabled device by exploiting a software flaw in older devices.
... until agencies take steps to better implement these leading practices, and OMB takes steps to improve government-wide oversight, wireless networks will remain at an increased vulnerability to attack, the GAO concluded.