One would think an investigation that uncovers something bad would be focused on that bad. Would one not? What?
Not the Post Office. (Contains link to source.)
Seems concern about security ONLY matters if it messes with the Post Office BRAND!
And since when do accountant, pencil pushing, number crunching nerds care one bit about reputation?
“Additional security is required to adequately protect the [redacted]. Exposure of this [redacted] could have a serious negative impact to the Postal Service brand.”
So something needs more security to protect whatever it is the postal service is supposed to protect (oh wait.. yes that would be MAIL!)
But whatever that is, it pales in comparison to whatever that is can do to the reputation and brand of the Postal Service.
The following is that short and redacted and obviously synopsis of the larger document below.
“An internal watchdog at the U.S. Postal Service revealed a significant security gap in one of the organization’s systems, but officials wouldn’t publicly disclose any information about the vulnerability.
The Postal Service Inspector General inadvertently uncovered the bug during an audit to determine whether the Postal Service had addressed a separate IT security flaw, auditors said in a heavily redacted management alert.
The latest vulnerability “poses a security weakness that warrants management’s immediate attention,” auditors said. The IG notified the organization’s top cybersecurity officials in early April.
Though nearly all details about the vulnerability were stricken from the public version of the alert, it’s clear the flaw presented a serious cyber threat to the Postal Service.
“Postal Service policy requires there be security controls sufficient to satisfy baseline security requirements in all information resources,” auditors said. “Additional security is required to adequately protect the [redacted]. Exposure of this [redacted] could have a serious negative impact to the Postal Service brand.”
“We are currently working to determine the number of Postal Service employees and contractors who have access to [redacted] and how it may have been used,” they added.
The IG made four recommendations to USPS address the issue and Postal Service officials agreed with all of them. In one, auditors advised the chief information security officer to “determine if [redacted] was accessed or exported and, if so, implement incident response protocols.” USPS told auditors “no [redacted] were observed.”
“We are working closely with the OIG on ways to continuously maintain and protect the integrity of our systems,” a Postal Service spokesperson said in an email to Nextgov. Both The Postal Service and the IG declined to comment on the nature of the vulnerability and affected systems.”
And this is the heavily redacted notice from postal management.
IT-MT-19-001