America is relying on an old and neglected computer system to ferret out terrorist threats that is “a bit of a joke,” according Washington watchdog Judicial Watch.
Citing a recent government oversight report, Judicial Watch said the State Department branch “responsible for spotting visa and passport fraud fails to practice basic security protocols, leaving the nation extremely vulnerable to foreign threats,”
For example, the machines in the system are outdated, monitor poorly and fail to protect data.
Employees fail to perform basic security scans, even though the “monstrous agency” has a $37 billion annual budget.
Judicial Watch said the report “documents the alarming inefficiencies in a decades-old system – Bureau of Consular Affairs Fraud Prevention Program (CA/FPP) – used by the State Department to determine if foreigners seeking U.S. visas are being candid about their identity and where they have traveled.”
“The goal is to oversee and coordinate the integrity of U.S. visa and citizenship processes by stopping fraud in the visa and passport system, a crucial tool to protect national security.”
But the “incredible lapses” that the report from the Office of Inspector General documented expose the security team as “a bit of a joke.”
“The team doesn’t even bother to patch the system, scan it for computer viruses or audit for evidence of breaches or compromises by hackers. In short, the State Department consular division ignores basic information security practices in this essential program used to screen potential threats,” Judicial Watch said.
“Nearly two decades after the worst terrorist attack on American soil, this is incredibly disturbing.”
The OIG found deficiencies that included shared passwords and lack of access control lists or visitor logs, and there’s no effort to “perform regular patch management or anti-virus scanning.”
“It gets better, or rather, more enraging,” Judicial Watch said. “The OIG found that no one monitors the server and the State Department doesn’t keep adequate logs of who accesses the information on the database. In fact, a SharePoint site established by the agency a decade ago to track ‘possible consular malfeasance’ has never even been examined.”
Further, no one ever had checked whether the system contained information beyond that system’s security authorization. And while there could have been breaches of the system, no one will ever know.
The OIG report was based on 178 interviews and 224 questionnaires from consular offices in the field as well as 54 from agency workers domestically.
The primary goal, the report said, should be for “the Bureau of Consular Affairs [to] implement a website content management process for the Office of Fraud Prevention Programs that includes a dedicated team responsible for the regular updating of website content.”
There also are federal standards for security that should be used.
“This is the same agency that allowed Hillary Clinton to traffic highly classified information on an unsecure, personal email server,” Judicial Watch pointed out.