May 4, 2006, 10:00 am
The Texas Lottery Commission needs to better enforce its computer system security policies and more effectively ensure that its main contractor is conducting background checks on its employees, according to a state auditor's report obtained Wednesday.
The report, which is scheduled for public release on Friday, said security at the lottery is "generally satisfactory." But the auditors identified several significant security weaknesses, especially in the area of system access.
For example, the report said the commission does not sufficiently document and enforce rules and policies about passwords, firewalls and accounts with special access privileges. The report did not include details about the security flaws to prevent people from exploiting them.
Lottery spokesman Bobby Heith did not immediately return a telephone call seeking comment. Commission Chairman C. Thomas Clowe said Wednesday morning that the audit would be discussed at the board's next meeting.
The commission is required to hire an independent firm to study all aspects of lottery security at least once every two years. The audit also addressed concerns raised by former and current lottery employees about the agency's ability to operate after a disaster.
Lawmakers grilled lottery officials about the agency's disaster recovery plan last fall after an employee sent two state representatives a scathing e-mail claiming the commission's emergency control center isn't fully functional. The employee was fired two days after he sent the e-mail for refusing to answer his supervisors' questions about the center unless they put them in writing.
The auditors said the commission should improve some aspects of its disaster recovery plan, but they pointed out that the agency's recovery center only supports its internal accounting system and other administrative processes.
They did however say weaknesses in lottery operator GTECH Corp.'s disaster recovery plan should be corrected "to better ensure that the operation of Texas lottery games can resume promptly after a disaster." GTECH controls the systems that run all lottery games.
The audit also urged lottery officials to ensure GTECH's employees have undergone proper background investigations and said all the company's employees should receive security awareness training.
A GTECH spokeswoman said she hadn't seen the report and couldn't comment on it.
Other areas of concern identified in the audit involved security aspects of each lottery game, the distribution of instant tickets and the security of lottery buildings and warehouses.
But the auditors said a 2004 reorganization of the lottery's security division did not have a significant negative effect.
The state auditor's office is expected to release another report later this year on the commission's personnel policies. Current and former lottery employees have complained the agency uses the threat of terminations to scare and intimidate anyone who questions lottery operations.
Lottery officials have said the law allows them to fire employees at any time for any lawful reason.
Your last visit: Tue, Oct 19, 2021, 3:43 am