Any half-way capable hacker could easily penetrate dozens of US government computer networks becasue of lax security standards at many agencies, a congressional report concludes. The report was issues by the Government Accountability Office. It found that only a handful of government agencies had secure wireless networks so as to be protected from unauthorized access. The report urges government agencies not to set up WiFi networks until and unless these agencies could be sure to secure them.
Nine of the 24 major agencies investigated, however, have not yet issued wireless security plans, while the guidelines others provided offered little guidance for acceptable use. The GAO was surpirsed to find that 13 agencies did not even require their WiFi networks to be set up in a secure fashion and most agencies, even those with rudimentary guidelines, do not monitor their employees' wireless activity to ensure that the guidelines are followed.
GAO investigators, using off-the-shelf gear, could easily pick up WiFi signals from outside all of the six agencies they tested. Moreover, they also found many instances of unauthorized activity at all six as well. For example, in one of the agencies, 90 laptops were configured to search for a wireless connection while they were plugged in to a wireless network, allowing an easy way in for hackers. The report called on the Office of Management and Budget to mandate the use of encryption by government agencies, as well as VPNs and other security tools.
For more on government WiFi security:
- see this eWeek report