HUD Flunks 75% of Internet Security Metrics, Inspector General Warns

Tyler McNally
By Tyler McNally | June 27, 2014 | 11:08 AM EDT

Seventy-five percent of all Internet security metrics were not met by the Dept. of Housing and Urban Development, an Inspector General's report reveals.

The OIG says, "[M]any areas in HUD's information security program did not comply with [Federal Information Security Management Act], and HUD had not established or implemented a risk-based program that allowed it to effectively manage its information and IT security risks."

With Internet security at the forefront of government difficulties, HUD has failed miserably, with deficiencies in all areas:

HUD is required to report on 109 metrics, established by the U.S. Department of Homeland Security, which span 11 IT program areas. OIG determined that HUD had not satisfied 75 percent of those metrics and improvements were needed in all program areas. HUD's system inventory and system authorization boundaries were not fully documented, and all systems did not have a valid authority to operate. The governance structure for HUD's IT security program was underdeveloped and had experienced ongoing staff turnover in key leadership positions. HUD has a major management challenge ahead as it moves forward in establishing a compliant and effective program.

Recently, other federal agencies have been called before Congress to testify over their lack of Internet and computer security.

On June 13, Chairman of the House Oversight and Government Reform Committee, Rep. Darrell Issa, released a statement saying that emails from former director of IRS Exempt Organizations Unit, Lois Lerner, had been lost due to a "computer crash." The ensuing questioning from the Oversight and Government Reform Committee revealed that six other IRS employees lost emails due to computer malfunctions.

And, According to CNN, "EPA Administrator Gina McCarthy told the Republican-led committee that the agency cannot access some e-mails belonging to a biologist who worked on a controversial mining project assessment."

It is unknown if there were any failures on the part of HUD like that of the IRS and the EPA, but the lack of security is clearly a problem for many federal agencies.