Apparently a PricewaterhouseCoopers security audit of my old agency found a major vulnerability in its distributed computer system. They have IBM AD-400 minicomputers in about 2300 sites with local administration. I've seen a notice where they're tightening up on procedures for granting access to the system. I've also seen a request for information (which I may discuss in a separate post) considering the possible moving of the computers from county offices to more centralized locations.
I can understand what happened. The accounting firm probably sent out some people who found that anyone could break into a county office (mostly located in small towns of 2-10,000), break into the system and make off with personal data, or hack into the overall system. It could happen. And, as a public agency, you can't really say that the chances are very, very small of this happening, there are things we can do to reduce the risk and mitigate the damage from any such break-in, so we should devote our attention to those areas. Remember that people have lost their jobs over the handling/mishandling of data on laptop computers even though no damage resulted. And know that Congress would pillory anyone who appeared before them after a break-in.
It's the game we bureaucrats have to play--hire an outside firm and then go through hoops just to cover our ass.
No comments:
Post a Comment