The Interior Department remains vulnerable to cybersecurity threats and has lagged in efforts to shore up its information technology defenses, agency watchdogs caution in a new report.
Despite past warnings and urgent recommendations, staffers with Interior’s Office of Inspector General identified what they called a “high number of unresolved critical and high impact vulnerabilities” that “significantly increased” the risk that the department’s sprawling information system could be compromised.
“If exploited, these vulnerabilities could have serious or severe adverse effects on [Interior] operations, including, but not limited to, system takeover by malicious third parties, ransomware, or exposure of sensitive data,” the OIG reported.
In the course of following up on past cybersecurity critiques, the OIG inspectors said Interior was “not consistently reducing cybersecurity risks” by fixing the most serious software vulnerabilities. The inspectors reported finding thousands of “known exploited vulnerabilities” on Interior’s IT systems that have been identified by the Cybersecurity and Infrastructure Security Agency as the highest priority for remediation.
