"CBP Cybersecurity Failures Left Travelers' Personal Info at Risk, IG Says"
According to a recent DHS Office of Inspector General audit, Customs and Border Protection (CBP) failed to ensure that its Mobile Passport Control (MPC) applications were protected from cybersecurity threats. The internal watchdog report found that the organization charged with border control did not scan its apps for vulnerabilities, detect vulnerabilities identified in scans, complete security and privacy compliance reviews, and properly manage its system configuration. If CBP does not address these cybersecurity vulnerabilities, MPC apps and servers will remain vulnerable to attacks, thus putting travelers' personally identifiable information (PII) at risk of exploitation by malicious actors. The audit revealed that over 10 million travelers used the unsecured MPC apps between July 2017 and December 2019. CBP is encouraged to ensure that all MPC app update versions are scanned prior to release by developers, codify processes surrounding scanning, ensure specialists review all scan results for vulnerabilities, define processes for performing required security and privacy compliance reviews, and more. This article continues to discuss the discovery of CBP's failure to conduct required cybersecurity activities for its MPC apps.
NextGov reports "CBP Cybersecurity Failures Left Travelers' Personal Info at Risk, IG Says"