The Register: US govt login portal could be one cyberattack away from collapse, say auditors

Jun 4, 2025

—

Source URL: https://www.theregister.com/2025/06/04/login_gov_backup_testing_insufficient_gao/
Source: The Register
Title: US govt login portal could be one cyberattack away from collapse, say auditors

Feedly Summary: Login.gov hasn’t shown its backup testing policy is working, GAO warns
The US government’s Login.gov identity verification system could be one cyberattack, or just a routine IT hiccup, away from serious trouble, say auditors, because it hasn’t shown its backup testing policy is actually in use or effective.…

AI Summary and Description: Yes

Summary: The report highlights concerns from the Government Accountability Office (GAO) regarding the effectiveness of the backup testing policy for Login.gov, a crucial identity verification system used by the US government. This situation underscores potential vulnerabilities in identity management critical for security and compliance.

Detailed Description: The GAO has raised alarms about the Login.gov identity verification system, which serves as a primary interface for citizens to access various government services online. The lack of demonstrable effectiveness in its backup testing policy poses significant risk, suggesting that the system may not be adequately prepared to respond to cyberattacks or operational failures. Key insights include:

– **Vulnerability to Cyberattacks**: The report indicates that without effective backup systems, Login.gov could be jeopardized by both cyber threats and routine IT issues.

– **Risk of Service Interruptions**: A failure in the identity verification system could lead to significant disruptions in the delivery of government services that rely on secure user authentication.

– **Auditor’s Concerns**: The GAO’s findings highlight a crucial gap in accountability for federal IT systems, pressuring agencies to prioritize testing and validation of their backup protocols.

– **Implications for Compliance**: The findings point out the importance of adhering to established cybersecurity best practices and federal regulations regarding system redundancy and reliability.

The report calls for enhanced scrutiny and remediation measures for identity verification systems, which are essential components in government security architecture. This situation raises important questions about governance, risk management, and compliance in the realm of digital identity systems, particularly within the context of the increasing reliance on digital services by the government.

2 2025 4 5 a access account accountability Act AI and Arch architecture ARM art as attack attacks audit auditor auditors authentication backup backup testing Best best practices Bi by C CERN CI CIA co Col compliance concerns Context core critical cyber cyber threat cyber threats cyberattack Cyberattacks cybersecurit Cybersecurity D de demo digital digital identity digital identity systems digital services disruption e effective effectiveness face fail failures federal regulations for g Gen GIS git Go governance government Government Accountability Office government services gs H high Highlight HR http HTTPS identity identity management identity verification implications in insights inter interface io issue ite J Just k Key l led Li liability lm Login.gov M man management measures media N no o of off on one operation operational failures oS out over point policy potential pre protocol protocols Q question R Raise RCE real red redundancy Regulation regulations reliability remediation report Risk risk management Ro RoT s sec secure security security and compliance security architecture security best practices service service interruptions services Sig source SSE system systems T test Testing text the threat threats to Tor TP under up US use user user authentication uth V val Validation verification vulnerabilities vulnerability Wi x Zen