US Citizenship Systems Vulnerable To Major Malicious Cyberattacks, Homeland Security Watchdog Finds
USCIS did not take all necessary steps to ensure privileged user access was appropriate and did not adequately manage and monitor service account access
Nevertheless, adding that USCIS also did not implement the required security settings and updates for IT systems and workstations to help reduce the impact of access control weaknesses exploited.
Homeland Security Limited Capability To Combat Cyber Attacks
The inspector general warned in the report that USCIS’ access control deficiencies increased its attack surface and potential avenues for malicious actors to initiate a cyberattack. The inspector general also said that until the deficiencies are fully addressed, DHS may be limited in its capability to overcome a major cybersecurity incident.
USCIS, though, according to the inspector general, is taking steps to address the deficiencies in its security. USCIS collects sensitive data for immigration processing, including identity and biometric data.
Faulty Patch and System Security Deficiencies Create Loop Hole Access
The inspector general warned that unauthorized individuals could gain access to that sensitive information and said that USCIS’ recent efforts to digitize the information for electronic use make it a high-visibility target for attackers. DHS’ security posture relies on all components to implement effective IT security processes.
therefore, the USCIS’ access control and system security settings deficiencies may limit the Department’s ability to reduce the risk of unauthorized access to its network and disrupt mission operations.
A spokesperson for the inspector general declined to comment, and USCIS did not immediately respond to Fox News’ request for comment. Faulty patching has led to cyberattacks, such as the SolarWinds cyberattack. The Biden administration imposed sanctions on Russia for that computer hack.
However, it began in 2020 when malicious code was snuck into updates to popular software that monitors computer networks of businesses and governments.