WASHINGTON (Reuters) - The U.S. Secret Service refused to provide data on its computer security systems to the Department of Homeland Security in 2014, preventing it from being able to verify if it was complying with security policies, an inspector general's report said on Monday.
The service, which has faced withering criticism after several security lapses including a White House breach in September, "refused to comply with mandated computer security policies," according to the report by the DHS inspector general.
The review also said DHS agencies were not doing enough to protect computer systems from such high-risk bugs as Heartbleed, which allowed hackers to spy on computers but not take control of them.
The report said FEMA and the U.S. Citizenship and Immigration Service still use the Microsoft Windows XP operating system, which may be vulnerable to hackers and that Microsoft stopped providing software updates for in April.
"DHS has worked to improve and secure its vast IT resources," said Inspector General John Roth. "But those improvements can only be effective if component agencies fully adhere to the rules and DHS management vigorously enforces compliance.
"Failure to do so will pose a serious threat to DHS and its Homeland Security missions.”
The inspector general's office said the Secret Service has agreed to begin providing the required data to the DHS chief information officer. It made six recommendations to improve security, which the department accepted.
Homeland Security combined 22 different federal departments and agencies into one when it was established in 2002.
(Reporting by Doina Chiacu; Editing by Andrew Hay)