Imran Awan case shows lax security controls for Congressional IT staff

Imran Awan case shows lax security controls for Congressional IT staff

By Kevin McDonald

Investigations into the conduct of the IT staff of the House of Representatives raised alarms. Kevin McDonald explains what we can learn from the case of Imran Awan.

Those who operate with high-level system access, such as IT administrators, possess immense and potentially devastating control. With even partial domain or local administrator access, a tech-savvy individual can observe every action performed on a system. They can add programs designed to spy on users, damage systems or data, redirect data flows and communications, or fully reproduce every bit of data contained on the systems they control. They can pretend to be a user and take action as if they are that user.

I have been involved in investigations where data was deleted, information was exfiltrated, money was stolen and clients were locked out of their own systems, and even extorted by staffers with information they gained from systems access. This means that the utmost care must be taken in selecting these technology professionals, determining their access and monitoring their behaviors.

In particular, sensitive systems in government, defense and finance should be accessed and supported only by those with impeccable work history, experience, knowledge and character. If issues or questions arise about their conduct, they should have their access immediately revoked until an investigation can be completed. There is no room for leniency or error until the concerns are alleviated.

This brings me to the Imran Awan case. Awan spent more than a decade with deep access and substantial control over the computers of dozens of members of Congress.

Click here to continue reading at TechTarget Search Security…

Kevin McDonald, COO & CISO – Alvaka Networks

Kevin B. McDonald is the chief operating officer and chief information security officer at Alvaka Networks. Kevin is a trusted technology and security practitioner and public policy advisor to some of America’s most influential people and organizations. He advises corporate executives, federal and state legislators, law enforcement, high net worth individuals and other business leaders. He is a sought after consultant, writer, presenter and trainer on the issues surrounding personal, physical and cyber security, compliance and advanced technology. Kevin has written for and been interviewed by dozens of national publications and on major television, radio and digital outlets.

Chairman, Orange County Sheriff/Coroner’s Technology Advisory Council (T.A.C)
Member, OC Shield
Member, FBI InfraGard
Member, O.C. Home land Security Advisory Council (OCHSAC)
Member, US Secret Service’s LA Electronic Crimes Task Force (LAECTF)

2018-04-08T21:08:54+00:00