From: Troutman Sanders
By H. Scott Kelly and Michael E. Lacy
For the second time in recent weeks, a federal official has issued a warning regarding potential security weaknesses with the Consumer Financial Protection Bureau’s consumer data-mining program. In an October 30 report, United States Inspector General Mark Bialek warned CFPB Director Richard Cordray that the IG office had “identified information security as a major management challenge for the CFPB due to the advanced, persistent threat to government information technology infrastructure.” He cautioned that “improvements are needed in four high-priority security risk areas: continuous monitoring, configuration management, security training, and incident response and reporting.”
The security problems highlighted by the IG weren’t limited to financial databases, as Bialek also warned that “CFPB management faces challenges in implementing a continuous monitoring process for all CFPB systems.” The IG was alarmed that the CFPB did not have the capability to quickly identify cybersecurity breaches, stating, “It is difficult for the CFPB to correlate information on incident activity because it does not yet have the capability to analyze security incident information from all relevant sources.”