Skip to main content

Exclusive: U.S. Homeland Security found SEC had 'critical' cyber weaknesses in January



The U.S. Department of Homeland Security detected five “critical” cyber security weaknesses on the Securities and Exchange Commission’s computers as of January 23, 2017, according to a confidential weekly report reviewed by Reuters.

The report’s findings raise fresh questions about a 2016 cyber breach into the U.S. market regulator’s corporate filing system known as “EDGAR.” SEC Chairman Jay Clayton disclosed late Wednesday that the agency learned in August 2017 that hackers may have exploited the 2016 incident for illegal insider-trading.

The January DHS report, which shows its weekly findings after scanning computers for cyber weaknesses across most of the federal civilian government agencies, revealed that the SEC at the time had the fourth most “critical” vulnerabilities.

It was not clear if the vulnerabilities detected by DHS are directly related to the cyber breach disclosed by the SEC. But it shows that even after the SEC says it patched “promptly” the software vulnerability after the 2016 hack, critical vulnerabilities still plagued the regulator’s systems.

The hack, two weeks after credit-reporting company Equifax (EFX.N) said hackers had stolen data on more than 143 million U.S. customers, has sent shockwaves through the U.S. financial sector.

An SEC spokesman did not have any comment on the report’s findings.

It is unclear if any of those critical vulnerabilities, detected after a scan of 114 SEC computers and devices, still pose a threat.

During the Obama administration, such scans were done on a weekly basis.

“I absolutely think any critical vulnerability like that should be acted on immediately,” said Tony Scott, the former federal chief information officer during the Obama administration who now runs his own cybersecurity consulting firm.

“This is what was at the root of the Equifax hack. There was a critical vulnerability that went unpatched for some long period of time. And if you’re a hacker, you are going to ... try to see if you can exploit it in some fashion or another. So there is a race against the clock.”

For the past several years, the Department of Homeland Security has been producing a report known as the “Federal Cyber Exposure Scorecard.” 

It provides a weekly snapshot to more than 80 civilian government agencies about potential outstanding cyber weaknesses and how long they have persisted without being patched.

A directive by Homeland Security requires agencies to address critical vulnerabilities within 30 days, though sometimes that deadline can be difficult to meet if it might disrupt a government system.

The January snapshot shows improvements have been made across the government since May 2015, when there were a total of 363 critical vulnerabilities on devices across all of the civilian agencies, according to the report.

As of January 23, by contrast, there were a total of 40 critical vulnerabilities across the agencies reviewed by DHS and another 280 weaknesses categorized as “active high,” which is the second more severe category.

The top four agencies with the most “critical” vulnerabilities as of January 23 included the Environmental Protection Agency, the Department of Health and Human Services, the General Services Administration and the SEC.

However, more vulnerabilities do not necessarily mean one agency is worse than another because things depend on how many computers or devices known as “hosts” were scanned and what kinds of information could potentially be exposed.

“All it takes is one,” Scott said. “You can have one host and one vulnerability and your risk might be 10 times as high as someone who has 10 hosts and ten vulnerabilities.”

Comments

Popular posts from this blog

Armenian protesters block traffic, railways & airport as protest leader loses PM bid

Anti-government protesters disrupted traffic in Armenia’s capital, blocking railways and roads leading to Yerevan International Airport, after the parliament voted against opposition leader Nikol Pashinyan’s bid for interim PM.
Protesters managed to block streets connecting downtown Yerevan to residential districts, disrupting transportation in Armenia’s capital, footage from the scene shows. 
Yerevan’s metro system has also been paralyzed as demonstrators sit on the tracks, preventing trains from passing.
Meanwhile, protesters disrupted traffic on a road leading to Yerevan’s Zvartnots International Airport, located just 12km from the center of the city. 
Consequently, some passengers had to go the rest of the way on foot in order to catch their flights, according to Sputnik news agency.
Railway services have also been disrupted all across the country amid the demonstrations, a spokesman for South Caucasus Railways confirmed to Interfax. 
Some other highways, including the one connecting th…

Iran Killing Command: The use of firearms in dealing with protesters

The document you see on the image is the order of the commander of the Tehran repressive force to all the units based in the city.

Based on this agenda, the mercenaries of the corrupt government Islamic Republic of Iran have been allowed to use firearms in the event of any protest movement against people by the regime.
This is a murder command.
The repressive force of the law, known to the world's famous police and guardians, should protect the lives of its citizens, by freeing their mercenaries, they allow them to murder Iranians who are protesting the corruption in the government and you have the important message that if you come to the streets in protest of corruption and torture and massacre, we will kill you.
Because, according to criminal Khomeini, maintenance of the system is obligatory.
A corrupt government that is so hideous that spend billions of dollars from the national treasury and popular capitalto the suppression of its people and the countries of the region, must be ov…

ایران فرمان قتل : دستور استفاده از سلاح گرم در برخورد با معترضان

سندی که در تصویر میبینید دستور فرمانده نیروی سرکوبگر انتظامی تهران به همه یگانهای مستقر در این شهر است.
بر اساس این دستور کار ، مزدوران حکومت فاسد نظام جمهوری اسلامی اجازه یافته اند که درصورت بروز هرگونه جنبش اعتراضی از سوی مردم علیه رژیم ، از سلاح گرم استفاده کنند.
این دستور یک فرمان قتل است.
نیروی سرکوبگر انتظامی که به ظاهر و تعریف شناخته شده پلیس در سراسر جهان ، میبایست حافظ جان شهروندان باشد ، با آزاد گذاشتن دست مزدوران چکمه پوش خود انها را مجاز به قتل ایرانیان معترض به فسادهای موجود درلایه های حکومت میکنند و این پیام مهم را در خود دارد که اگر در اعتراض به  فساد و شکنجه و کشتار به خیابانها بریزید شما را خواهیم کشت.
چرا که به گفته خمینی دجال، حفظ نظام از اوجب واجبات است.
حکومت فاسدی که انقدر وقیح هست که میلیاردها دلار از خزانه ملی و سرمایه مردمی را صرف سرکوب مردم خود و کشورهای منطقه میکند باید سرنگون کرد.
اکنون چهل سال است که کشور ما به اشغال این ملایان جنایکتارخونخوار و اسلام تحمیلی در آمده است .
هنوز باورش برای برخی سخت است که درک کنند کشور ما به معنای واقعی کلمه از سوی بنیادگرایان الله…