Old Equipment and Lack of Security in the Protection of the Information in the Argentina Mint
<p><span style="line-height: 1.6em;">The AGN (for its acronym in Spanish) noticed they were using etching technology that was over 30 years old, making a digital check of the bill basically impossible. Verification of the use of ink and paper sent by the Central Bank as well as the number of the bill generated depend on manual records. There are PCs with Windows95.</span></p> <div> </div>
The Audit General’s Office stated that "the Mint which is a Society that belongs to the State uses technology that’s more than three decades old, which, in turn, has no digital interfaces for the control of their production." Consequently, procedures that verify the use of ink and special paper sent by the Central Bank and the number of bills generated "rely on manual registrations transcribed subsequent to computers, with potential risks of error inherent in manual processes."
In addition, the evaluation of the Mint’s administration from September 2010 to August 2011 it was discovered that there is no strategic plan, which means that "the decisions of resource-acquisition technologies (IT) - are reactive "and concerning" short-term needs."
Moreover, the Control Agency found that "there is a significant amount of equipment that has outlived their useful life" of 268 computers, "196 are more than 4 years old and 248 have Windows operating systems without vendor support" , as was found in the computers that had Windows95 software. However, there was an effort to modernize and between 2008 and 2011 several purchases were made. Nevertheless, the acquisitions "didn’t even reach 25% of all the computers”.
As for the security of the computers, the AGN noted that, "there is no assigned professional that monitors the security of information technology" and "there are no restrictions on the navigation of web pages, with could affect the safety of the equipment of Mint".
In addition, the data center "is not protected from environmental factors such as heat, dust, or humidity", and "the cabinets where server, tape drives, and connectivity elements are stored have their rear doors opened and loose power and data cables falling out.” Also, for this area there is no “record of visits or procedures to limit the amount of visits permitted."
As for the reinsurance in place to ensure the continuity of IT services, the watchdog said that "the Mint gave the watchdog a contingency plan that had not been updated since 1999, which describes procedures for equipment and systems that are now not found in any area.” Meanwhile, the National Audit Office concluded that "the IT services are not secured in the body if they suffer a major disruption."
Seeing all this, the AGN noted the need to "renew and incorporate new hardware, training agents, develop strategies, policies, and procedures and define the center's facilities processing data in accordance with good practices in these areas."