During the Fiscal Year (FY) 2014 Information Technology Internal Controls audit, the U.S. Postal Service Office of Inspector General (OIG) became aware of a hardware failure that resulted in the loss of the Computer Incident Response Team (CIRT) database used to record and monitor computer incidents.
The U.S. Postal Service’s Data Management Services group periodically performs off-site backups for hundreds of critical databases. However, there are other essential databases that are not classified as critical2 that are used for daily functions. These functions include analysis of historical data and maintaining records for compliance with existing security policy.3 We are issuing this alert to make the Postal Service aware of the need to modify its current backup and storage requirements to ensure that essential, but not critical, data is available.
The Postal Service did not ensure all database backups were being stored on separate hardware. Specifically, the CIRT database was lost due to a hardware failure and the data was not recovered due to the absence of a backup on a separate piece of hardware. As a result, this database was not available to perform historical analyses and the Postal Service could not comply with security policy. Although the Postal Service took immediate corrective action for this database by implementing backup procedures on separate hardware, there may be other unidentified databases that are not backed up on separate hardware that could result in a loss of data and the inability to comply with record maintenance requirements.
Backup and Recovery
The Postal Service maintained an essential CIRT database and backed up a copy of the database on the same hardware. On April 4, 2014, a hardware failure occurred that made the original database and the backup of the database inaccessible. 4 As a result, the database was not available to perform analyses of computer incidents that would enable management to more effectively monitor and resolve new incidents in a timely manner. In addition, the Postal Service could not maintain an electronic incident repository.
Although management responded swiftly and took corrective action by updating and implementing backup procedures for a new CIRT database using the5 application, there may be other essential databases used by other groups that are not backed up on separate hardware. The practice of backing up data on the same hardware could result in the loss of essential data, increased workhours to recreate the databases, and an inability to perform analyses in the event of hardware failure.
Currently, the Postal Service’s security standards6 state critical information resources must be stored off-site at a location that is not subject to the same threats as the original media, but does not prohibit the practice of using the same hardware to maintain and back up noncritical information resources. If the standards were updated, database owners would need to review and possibly modify their backup procedures, thereby ensuring information resources can be restored in a timely manner in the event of a hardware failure.
Recommendations
We recommend the manager, Corporate Information Security:
1. Expand existing procedures in Handbook AS-805, Information Security, to prohibit the practice of using the same hardware to maintain and back up noncritical information resources.
2. Issue a reminder that data backups are to be maintained in an appropriate location to reduce potential loss, damage, or misuse of essential data.
read OIG report