Background
The U.S. Postal Service’s daily operations depend on both wired and wireless networks and technologies to collect, process, and deliver the nation’s mail. Wireless networks provide access to critical systems and devices without requiring a physical connection. Appropriately securing these networks to increase protection against cyberattacks is vital to Postal Service business operations. The Postal Service’s Corporate Information Security Office ensures the security of wireless connections to internal and external resources. The Network & Compute Technology group designs, secures, and manages the wireless network infrastructure, while the Network Change Review Board manages and approves wireless network standards and activities. Finally, the Chief Technology Office performs research and development for delivery, mail processing, and retail systems and equipment.
What We Did
Our objective was to evaluate the effectiveness of the Postal Service’s security controls to protect and manage its wireless infrastructure. Specifically, we conducted a technical wireless network assessment at four postal facilities from January through April 2022 using both [redacted] to determine if security controls were in place and functioning as intended.
What We Found
While the Postal Service utilized appropriate encryption standards and managed wireless channels to improve network performance, the agency did not have other technical security controls in place. Specifically, we found insufficient technical security controls that allowed [redacted] and allowed devices to [redacted]. We also found that management did not conduct [redacted] of the wireless network and that they were not aware of [redacted] at Postal Service facilities. These issues occurred because the [redacted] was not configured properly. In addition, instead of performing visual inspections and walk-throughs, management relied on software to identify wireless devices. Finally, there were no established procedures for how to account for [redacted] at Postal Service facilities.