Security lapses hit State Dept. computers
USA TODAY 3/23/98 - Updated 07:08 AM ET
WASHINGTON - The State Department shut down portions of one of its
international computer systems for at least two weeks last fall after
investigators uncovered security lapses they feared would jeopardize
national security. The action was taken after a General Accounting
Office probe discovered an intruder's tell-tale digital footprints -
data indicating the presence of an unauthorized person - in computers
at two overseas posts, several current and former officials familiar
with the incident told USA TODAY.
The GAO report was completed 10 days ago. The State Department, exercising
its prerogative, has classified some of the report "Secret" and the rest
"For Official Use Only." As a result of the intrusion, for much of
October 1997 the two posts were limited in their access to the network,
forcing portions of the State Department to dispatch couriers around
the globe to circulate delicate information on paper.
The evidence of an intrusion was revealed during GAO's first aggressive
testing of security in the State Department's computer system. The
system links computers in Washington that contain "unclassified but
sensitive" information with 250 U.S. embassies and consulates. The
location of the two posts could not be confirmed.
Teams of government and private contractors were brought in to patch
the breaches through which intruders were suspected of slipping in.
"Every agency, including the private sector, has security concerns,"
said Patrick Kennedy, acting assistant secretary of State for security.
"The weaknesses we uncovered should not be divulged," said Jack Brock
of GAO, who was in charge of the team that conducted the study.
Some State Department officials and others involved in the probe said
that it remains unclear if anyone actually broke into the systems.
Others, however, stressed that it's equally uncertain that someone
didn't. Kennedy, while declining to elaborate, says the incident did
not affect "a major system." This is the second recent incident
concerning State Department security.
Earlier this month, a still-unidentified man walked out of a high-
security section at State Department headquarters here after taking
classified documents from a courier's case. In the computer security
case, the GAO is certain that it found identifiable weaknesses.
According to several people familiar with the report, those weaknesses
suggest that computer hackers using off-the-shelf tools could gain
access to systems containing a variety of unclassified data useful to
adversaries, such as travel schedules of U.S. embassy officials.
The State Department's decision to classify the GAO report has
frustrated Senate plans for public hearings this spring on government
computer security. The study was to have been released then.
o~~~ O |
