Oregon’s Data Center Has Major Weaknesses, Says Report from Atkins
Wednesday, August 26, 2015
The report warns that the "State agencies use the data center’s complex and extensive inventory of computers and networks to run hundreds of their programs. A breach in state systems could result in significant loss of sensitive data about Oregonians, such as tax or medical records and social security numbers that could be used in fraud or identity theft," said the statement.
"Oregon must do more to protect its data systems,” said Secretary of State Jeanne P. Atkins. "The risks identified in this audit make it clear the urgency we face."
Multiple Problems
The report released identifies multiple ares of critical security problems that have never been resolved, although auditors issued warnings dating back as far as 2006. The problems include:
1) inadequate management of system configurations
2) insufficient monitoring of networks and users with special system access
3) inadequate incident tracking, and obsolete hardware and software.
Collectively, the problems heighten the risk to computer programs and information at the data center.
The report is highly critical of the existing situation and the lack of attention to the ongoing problems.
Auditors concluded that the state has been unable to improve security because management abandoned initial data center security plans, did not assign security roles and responsibilities, or provide sufficient security staff. As a result, efforts to improve security often ended in partially implemented solutions. Even if alerts sounded, in many cases no one had the authority or responsibility to resolve them.
"Oregon must do more to protect its data systems,” said Secretary of State Jeanne P. Atkins. "The risks identified in this audit make it clear the urgency we face."
The report noted that organizational changes to improve security occurred in the last six months. The state Chief Information Officer now answers directly to the Governor. In addition, the 2015 Legislature formalized the state Chief Information Officer’s responsibility for information technology throughout all state agencies, including the data center. This also brought the data center under the direct responsibility of the Chief Information Officer. These changes heightened attention on security and managers are now starting to build the security function into the data center as originally planned.
Auditors stated that the organizational changes were appropriate and necessary but also indicated that resolving the many longstanding security weaknesses will require significant resources, time and perseverance, along with the cooperation of other state agencies. Auditors noted that they will be starting an audit of security issues in agency computer programs, and also return to the data center in two years to report on its progress.
Auditors also recognized management for the unique agreement with the state of Montana to quickly restore operations after a serious disaster or disruption by copying its systems and records to Montana’s State Data Center. This approach could assist data center recovery but auditors noted additional work remained to replicate some systems and fully test the plans.
The audit team consisted of William Garber, Neal Weatherspoon, Teresa Furnish and Amy Mettler.
Related Slideshow: Recent Data Breaches in Oregon
Here are some of the biggest data and security breaches in Oregon between 2015 and 2012, according to Privacy Rights Clearinghouse:
Related Articles
- Oregon Insurance Division Announces Investigation into LifeWise Data Breach
- Oregon DAS Assessed After Data Security Vulnerability
- Portland Crime Problems: Data Helps Fight the Dangerous Trends
- Ten Recent Data Breaches In Oregon
- New OHSU Data Center Has Massive Computing Power, Low Electricity Use
- New Data Shows Portland Suicides Rise In Spring and Summer
- Data Used To Calculate Portland Street Fee Full of Errors, Critics Say
- 69,000 Oregonians Hit by Health Data Breaches
- Department of Fish and Wildlife Will Use Drones to Collect Data
- HackOregon Turns Complex Campaign Finance Data into Understandable Graphics
- New Data Gives Better View of University Graduation Rates
Follow us on Pinterest Google + Facebook Twitter See It Read It