On Tuesday, the Office of the Inspector General (OIG) released a semi-annual report of the National Security Agency (NSA) to Congress that cited several security concerns for the agency’s technology and data. The report covers six months of oversight from April 1 to Sept. 30, 2018.
In the report, the inspector general detailed the total number of recommendations and oversight memoranda during the period. The OIG issued 21 reports during the period, while also making 620 recommendations to the NSA on how to improve deficiencies within the agency.
The OIG had been investigating waste, fraud, abuse, and misconduct within the NSA that initiated 39 investigations and 118 inquiries within the six-month period. As a result, 24 agency employees have received disciplinary action, as well as a recoupment of approximately $261,000 from employees and contractors.
For 10 operational systems, the Technology and Cybersecurity audit division branch of the OIG reviewed whether individuals were designated to fill the System Security Plan’s critical roles. The OIG found that several of the systems were operating without one or more critical roles that were required. The office determined that “the Agency does not have a reasonable assurance that some systems have requisite security oversight.”
Among other issues within the agency include inadequate documentation of data flow that might risk unauthorized or delayed sharing of data with partners and a lack of required training for partner personnel who have access to certain data.