A recent Inspector General’s report found that a federal employee at the US Geological Survey managed to infect the agency’s network with malware after viewing pornography on his government-issued computer.
The employee, whose name was redacted in the IG report, visited about 9,000 pages on adult websites, many of which originated in Russia and contained malware, and also saved pornographic images to an unauthorized USB device as well as his personal Android smartphone. Both his computer and phone were infected with malware, which then exploited the agency’s network.
The Interior Department’s Rules of Behavior prohibit agency employees from using the official computer systems for illegal or inappropriate activities, which, not surprisingly, includes viewing pornography. This employee had signed an official statement saying that he understood and agreed to abide by these rules. The IG noted that he had agreed to the rules for several years prior to detection.
The IG told Nextgov, which originally reported the story, that the employee is no longer employed by the agency.
IG Recommendations
The IG recommended that USGS “enforce a strong blacklist policy” of known website addresses or domains and regularly monitor employees’ web usage histories. “An ongoing effort to detect and block known pornographic web sites, and web sites with suspicious origins, will likely enhance preventative countermeasures,” stated the report.
The IG also recommended that USGS utilize an IT security policy that prevents the use of unauthorized USB devices on employee computers to help prevent the spread of malware.
A copy of the IG report is included below.
DOI IG Report on USGS IT Vulnerabilities