Audit: California Agencies Vulnerable to IT Security Breach

Many California state agencies are not complying with the state's information technology standards, leaving them vulnerable to a major security breach of sensitive data such as Social Security numbers, health information or tax returns, the state auditor reported Tuesday.

"Our review found that many state entities have weaknesses in their controls over information security. These weaknesses leave some of the state's sensitive data vulnerable to unauthorized use, disclosure, or disruption," Auditor Elaine Howle wrote in the report.

She notes that the state is a prime target for information security breaches as government agencies keep extensive amounts of confidential data. Many agencies also have not sufficiently planned for interruptions or disasters, she found.

In June, the federal Office of Personnel Management announced a major hack that exposed personal information of about 20 million current and former federal employees and job applicants.

"Given the size of California's economy and the value of its information, if unauthorized parties were to gain access to this information, the costs both to the state and to the individuals involved could be enormous," Howle wrote.

California likely also is not alone in its security gaps, with some states faring worse and some better, said Tim Erlin, a director of security and IT risk strategist for Portland, Ore.-based security firm Tripwire.

"Government has a much more robust audit process that's public," Erlin said. "You never get a report like this from a Fortune 500 company unless something bad has already happened."

The auditor's report said the agency in charge of ensuring compliance with IT standards, the Department of Technology, has failed to ensure agencies are complying; a voluntary "self-certification" of compliance was confusing and poorly worded, she wrote, leading many agencies to report that they were complying when they were not. She also criticized the department for its slowness in auditing agencies.

"At its current pace,...

Comments are closed.