Any organization with a computer network is concerned about cybersecurity, and the U.S. Postal Service has one of the world’s largest IT networks. It connects 1.1 million devices and includes 92.5 petabytes of storage. (A petabyte is a million gigabytes.)
As cyberattacks targeting critical infrastructure continue to increase in frequency and sophistication, keeping networks and data safe from threats is an ever-evolving challenge.
One way the OIG helps the Postal Service protect its IT infrastructure is by auditing how well USPS maintains network security. These cybersecurity audits can involve high-level overviews or detailed technical examinations. They can focus on IT specifics or surrounding processes.
Three OIG reports issued just last month show the range of work our auditors do on cybersecurity:
- State of Cybersecurity examined the Postal Service’s cybersecurity strategy, risk management process, and organizational structure at a high level. We found the Postal Service had made positive strides but the state of cybersecurity at the Postal Service lacked maturity and would benefit from additional improvements.
- Wireless Assessment in contrast involved a technical assessment of wireless network security at four postal facilities to see if controls were in place and functioning as intended. The audit found that the Postal Service used appropriate encryption standards and managed wireless channels to improve network performance, but other technical security controls were not in place.
- Procurement and Management of Cybersecurity Tools evaluated how well the Postal Service purchased and managed cybersecurity tools. The audit team selected two tools and examined the related contracts. They found problems both with tool acquisition and contract management.
Do you have concerns about the cybersecurity of the Postal Service’s networks? What areas would you like to see examined?