The GAO has taken the SEC to task over what it sees as lax security and inadequate responses to recommendations made over the last few years about how and where to the tighten up. Reuters has more:

SEC must fix data security weaknesses

Reuters
April 29, 200

It's a nightmare scenario: A hacker accesses e-mails in U.S. Securities and Exchange Commission computers and splashes them across the Internet, revealing an inquiry into a company that shakes investor confidence before the probe is complete.
Such an attack has never happened at the SEC, but computer experts say it could if the agency fails to tighten security.

The SEC, an investor protection agency that demands tight internal controls from the companies it oversees, was recently criticized by congressional investigators for not having its own house in order when it comes to cyber security.

The Government Accountability Office (GAO) said last month the SEC had failed to limit remote access to its servers, establish controls over passwords, securely configure all network devices, and adopt security monitoring procedures.

A successful hacker could use nonpublic information to make trouble for a targeted company or rival. "It wouldn't necessarily be manipulation" of data by a hacker that would do the most harm, said Paul Kurtz, a former White House cyber security official. "It would be to expose information to damage another firm."

Not exactly a comment headed towards the earth kind of nightmare scenario, but still enough that it should give the business community shudders.

Read the full article here.

-- MDT

Labels: GAO