Anchor ads are not supported on this page.

4S Ranch Allied Gardens Alpine Baja Balboa Park Bankers Hill Barrio Logan Bay Ho Bay Park Black Mountain Ranch Blossom Valley Bonita Bonsall Borrego Springs Boulevard Campo Cardiff-by-the-Sea Carlsbad Carmel Mountain Carmel Valley Chollas View Chula Vista City College City Heights Clairemont College Area Coronado CSU San Marcos Cuyamaca College Del Cerro Del Mar Descanso Downtown San Diego Eastlake East Village El Cajon Emerald Hills Encanto Encinitas Escondido Fallbrook Fletcher Hills Golden Hill Grant Hill Grantville Grossmont College Guatay Harbor Island Hillcrest Imperial Beach Imperial Valley Jacumba Jamacha-Lomita Jamul Julian Kearny Mesa Kensington La Jolla Lakeside La Mesa Lemon Grove Leucadia Liberty Station Lincoln Acres Lincoln Park Linda Vista Little Italy Logan Heights Mesa College Midway District MiraCosta College Miramar Miramar College Mira Mesa Mission Beach Mission Hills Mission Valley Mountain View Mount Hope Mount Laguna National City Nestor Normal Heights North Park Oak Park Ocean Beach Oceanside Old Town Otay Mesa Pacific Beach Pala Palomar College Palomar Mountain Paradise Hills Pauma Valley Pine Valley Point Loma Point Loma Nazarene Potrero Poway Rainbow Ramona Rancho Bernardo Rancho Penasquitos Rancho San Diego Rancho Santa Fe Rolando San Carlos San Marcos San Onofre Santa Ysabel Santee San Ysidro Scripps Ranch SDSU Serra Mesa Shelltown Shelter Island Sherman Heights Skyline Solana Beach Sorrento Valley Southcrest South Park Southwestern College Spring Valley Stockton Talmadge Temecula Tierrasanta Tijuana UCSD University City University Heights USD Valencia Park Valley Center Vista Warner Springs

Insider hacking and the Coast Guard

Potential threats from trusted employees multiply, federal audit says

Coast Guard Cutter EDISTO operates from Southern California to Central America.
Coast Guard Cutter EDISTO operates from Southern California to Central America.

Is the United States Coast Guard, a key San Diego player in the battle against drug smuggling and human trafficking from Mexico, setting itself up for computer attacks mounted by its own most trusted employees?

So concludes a March 27 audit of the service's gaping information system vulnerabilities by the Inspector General's office of the Department of Homeland Security.

With billions of dollars tied up in illicit border traffic, it is well known among the feds that substantial bribes can be had from major smugglers for politicos and law-enforcement types with the ability to penetrate data networks.

"Trusted insiders could be given elevated access to mission-critical assets, including personnel, facilities, information, equipment, networks, or systems. Potential threats can include damage to the United States through espionage, terrorism, and unauthorized disclosure of national security information," says the audit document.

Sponsored
Sponsored

"Trusted insiders may also be aware of weaknesses in organizational policies and procedures, as well as physical and technical vulnerabilities in computer networks and information systems."

According to the audit, "In the wrong hands, insiders use this knowledge to facilitate malicious attacks on their own or collude with external attackers to carry out such attacks."

The situation has grown worrisome enough, the report says, that a formal charter was signed in February 2012 to set up the "Coast Guard Insider Threat Working Group to serve as a focal point for addressing insider threat issues."

As a result, some security holes, discovered during a review at Coast Guard headquarters in Washington DC and the air station at Ronald Reagan National Airport, have been plugged, but serious problems remain, the investigation found.

"Our technical testing demonstrated that unauthorized removable media devices can be connected to [Coast Guard computer] assets and used to remove simulated sensitive information," the auditors said. "Using login accounts supplied by USCG, we were able to transfer simulated sensitive information to and from [computer] assets using unauthorized removable media devices at multiple [Coast Guard] locations."

In addition, the audit showed "that simulated sensitive information could be sent from a USCG issued email account to an external personal email account. The failure to prevent the unauthorized removal or transfer of sensitive information through email provides a malicious insider the opportunity to carry out such an attack, making it difficult for an organization to protect itself."

The auditors added that they had "found external hard drives that were unattended and not properly locked and secured."

"When external hard drives are not properly secured, the risk of unauthorized access or theft from insiders increases." Besides that, wireless routers and laptops were found to be lying loose around the offices, according to the report.

Detection of possible on-staff miscreants has also been neglected, the document says, with a serious time lag in conducting "insider threat based security awareness training."

The Coast Guard's Counterintelligence Service is taking until September 30 of this year to finish the job, the audit notes.

"Until such training is fully implemented, USCG employees may not be aware of or have the knowledge to recognize insider threat behavior, or the appropriate process to report potential insider threats or actual attacks."

The latest copy of the Reader

Here's something you might be interested in.
Submit a free classified
or view all
Previous article

Oceanside toughens up Harbor Beach

Tighter hours on fire rings, more cops, maybe cameras
Next Article

Bringing Order to the Christmas Chaos

There is a sense of grandeur in Messiah that period performance mavens miss.
Coast Guard Cutter EDISTO operates from Southern California to Central America.
Coast Guard Cutter EDISTO operates from Southern California to Central America.

Is the United States Coast Guard, a key San Diego player in the battle against drug smuggling and human trafficking from Mexico, setting itself up for computer attacks mounted by its own most trusted employees?

So concludes a March 27 audit of the service's gaping information system vulnerabilities by the Inspector General's office of the Department of Homeland Security.

With billions of dollars tied up in illicit border traffic, it is well known among the feds that substantial bribes can be had from major smugglers for politicos and law-enforcement types with the ability to penetrate data networks.

"Trusted insiders could be given elevated access to mission-critical assets, including personnel, facilities, information, equipment, networks, or systems. Potential threats can include damage to the United States through espionage, terrorism, and unauthorized disclosure of national security information," says the audit document.

Sponsored
Sponsored

"Trusted insiders may also be aware of weaknesses in organizational policies and procedures, as well as physical and technical vulnerabilities in computer networks and information systems."

According to the audit, "In the wrong hands, insiders use this knowledge to facilitate malicious attacks on their own or collude with external attackers to carry out such attacks."

The situation has grown worrisome enough, the report says, that a formal charter was signed in February 2012 to set up the "Coast Guard Insider Threat Working Group to serve as a focal point for addressing insider threat issues."

As a result, some security holes, discovered during a review at Coast Guard headquarters in Washington DC and the air station at Ronald Reagan National Airport, have been plugged, but serious problems remain, the investigation found.

"Our technical testing demonstrated that unauthorized removable media devices can be connected to [Coast Guard computer] assets and used to remove simulated sensitive information," the auditors said. "Using login accounts supplied by USCG, we were able to transfer simulated sensitive information to and from [computer] assets using unauthorized removable media devices at multiple [Coast Guard] locations."

In addition, the audit showed "that simulated sensitive information could be sent from a USCG issued email account to an external personal email account. The failure to prevent the unauthorized removal or transfer of sensitive information through email provides a malicious insider the opportunity to carry out such an attack, making it difficult for an organization to protect itself."

The auditors added that they had "found external hard drives that were unattended and not properly locked and secured."

"When external hard drives are not properly secured, the risk of unauthorized access or theft from insiders increases." Besides that, wireless routers and laptops were found to be lying loose around the offices, according to the report.

Detection of possible on-staff miscreants has also been neglected, the document says, with a serious time lag in conducting "insider threat based security awareness training."

The Coast Guard's Counterintelligence Service is taking until September 30 of this year to finish the job, the audit notes.

"Until such training is fully implemented, USCG employees may not be aware of or have the knowledge to recognize insider threat behavior, or the appropriate process to report potential insider threats or actual attacks."

Comments
Sponsored

The latest copy of the Reader

Here's something you might be interested in.
Submit a free classified
or view all
Previous article

Roberto's Taco Shop celebrated 60 years in San Diego

Or is it really a Las Vegas taco shop chain with San Diego roots?
Next Article

Big Swell Rolls in for Christmas – Rockfish Closure

Big wahoo down south
Comments
Ask a Hipster — Advice you didn't know you needed Big Screen — Movie commentary Blurt — Music's inside track Booze News — San Diego spirits Classical Music — Immortal beauty Classifieds — Free and easy Cover Stories — Front-page features Drinks All Around — Bartenders' drink recipes Excerpts — Literary and spiritual excerpts Feast! — Food & drink reviews Feature Stories — Local news & stories Fishing Report — What’s getting hooked from ship and shore From the Archives — Spotlight on the past Golden Dreams — Talk of the town The Gonzo Report — Making the musical scene, or at least reporting from it Letters — Our inbox Movies@Home — Local movie buffs share favorites Movie Reviews — Our critics' picks and pans Musician Interviews — Up close with local artists Neighborhood News from Stringers — Hyperlocal news News Ticker — News & politics Obermeyer — San Diego politics illustrated Outdoors — Weekly changes in flora and fauna Overheard in San Diego — Eavesdropping illustrated Poetry — The old and the new Reader Travel — Travel section built by travelers Reading — The hunt for intellectuals Roam-O-Rama — SoCal's best hiking/biking trails San Diego Beer — Inside San Diego suds SD on the QT — Almost factual news Sheep and Goats — Places of worship Special Issues — The best of Street Style — San Diego streets have style Surf Diego — Real stories from those braving the waves Theater — On stage in San Diego this week Tin Fork — Silver spoon alternative Under the Radar — Matt Potter's undercover work Unforgettable — Long-ago San Diego Unreal Estate — San Diego's priciest pads Your Week — Daily event picks
4S Ranch Allied Gardens Alpine Baja Balboa Park Bankers Hill Barrio Logan Bay Ho Bay Park Black Mountain Ranch Blossom Valley Bonita Bonsall Borrego Springs Boulevard Campo Cardiff-by-the-Sea Carlsbad Carmel Mountain Carmel Valley Chollas View Chula Vista City College City Heights Clairemont College Area Coronado CSU San Marcos Cuyamaca College Del Cerro Del Mar Descanso Downtown San Diego Eastlake East Village El Cajon Emerald Hills Encanto Encinitas Escondido Fallbrook Fletcher Hills Golden Hill Grant Hill Grantville Grossmont College Guatay Harbor Island Hillcrest Imperial Beach Imperial Valley Jacumba Jamacha-Lomita Jamul Julian Kearny Mesa Kensington La Jolla Lakeside La Mesa Lemon Grove Leucadia Liberty Station Lincoln Acres Lincoln Park Linda Vista Little Italy Logan Heights Mesa College Midway District MiraCosta College Miramar Miramar College Mira Mesa Mission Beach Mission Hills Mission Valley Mountain View Mount Hope Mount Laguna National City Nestor Normal Heights North Park Oak Park Ocean Beach Oceanside Old Town Otay Mesa Pacific Beach Pala Palomar College Palomar Mountain Paradise Hills Pauma Valley Pine Valley Point Loma Point Loma Nazarene Potrero Poway Rainbow Ramona Rancho Bernardo Rancho Penasquitos Rancho San Diego Rancho Santa Fe Rolando San Carlos San Marcos San Onofre Santa Ysabel Santee San Ysidro Scripps Ranch SDSU Serra Mesa Shelltown Shelter Island Sherman Heights Skyline Solana Beach Sorrento Valley Southcrest South Park Southwestern College Spring Valley Stockton Talmadge Temecula Tierrasanta Tijuana UCSD University City University Heights USD Valencia Park Valley Center Vista Warner Springs
Close

Anchor ads are not supported on this page.

This Week’s Reader This Week’s Reader