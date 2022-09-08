New You can listen to Fox News stories now!

Exclusive: The Department of Homeland Security’s inspector general said that sensitive data at United States Citizenship and Immigration Services systems are vulnerable to cyberattacks by malicious actors, and that flaws in the agency’s IT security could “limit” DHS’s ability to “overcome a major cybersecurity incident.”

Fox News Digital exclusively obtained the report by DHS Inspector General Joseph Kafari. The Office of Inspector General informed USCIS of its findings and recommendations to improve controls to control unauthorized access to its systems and information.

“USCIS did not take all necessary steps to ensure that privileged user access was appropriate and did not adequately manage and monitor service account access,” the report said, adding that USCIS also did not implement required security settings and updates for IT systems and workstations. Mitigate impact if access control weaknesses are exploited.

USCIS’s access control flaws “increase its attack surface and potential avenues for malicious actors to launch a cyberattack,” the inspector general warned in the report.

Until the flaws are fully addressed, the inspector general said, DHS may be limited in its ability to “overcome a major cybersecurity incident.”

USCIS, however, is “taking steps” to address deficiencies in its security, according to the inspector general.

USCIS collects sensitive data for immigration processing, including identification and biometric data.

The inspector general warned that unauthorized persons could access that sensitive information and said recent efforts by USCIS to digitize information for electronic use are a “high visibility target for attackers.”

“DHS’ security posture relies on all components to implement effective IT security processes; therefore, USCIS’ access control and system security setting deficiencies may limit the Department’s ability to mitigate the risk of unauthorized access to its network and disruption of mission operations,” the IG report said.

A spokesman for the inspector general declined to comment.

USCIS did not immediately respond to Fox News’ request for comment.

Improper patching has led to cyberattacks such as the Solar Winds cyberattack. The Biden administration imposed sanctions on Russia for that computer hack, which began in 2020 when malicious code was snuck into updates to popular software that monitors the computer networks of businesses and governments.

The malware, affecting a product made by American company SolarWinds, gave elite hackers remote access into the company’s networks so they could steal information.

The Biden administration has been warning of the potential for “malicious cyber activity” against the United States, particularly by Russia amid its war on Ukraine.

Earlier this year, DHS warned US organizations at all levels that they could face cyber threats stemming from the Russia-Ukraine conflict.

The Biden administration has worked to strengthen cyber defenses after a series of ransomware attacks last summer, in which foreign malicious actors targeted US critical infrastructure.

Biden signed a national security memorandum last year directing his administration to develop key cybersecurity performance goals. Infrastructure In the US — companies such as electric utility companies, chemical plants, and nuclear reactors.

The memo formally establishes Biden’s Cyber ​​Security Initiative, a voluntary collaborative effort between the federal government and critical infrastructure organizations that will facilitate the deployment of technology and systems that provide threat visual indicators and detections.