The U.S. Commerce Department destroyed more than $170,000 worth of desktops, printers, TVs, cameras and computer mice to remove from its network an infection that had been vastly overstated, according to a newly released audit.
The action was "clearly unnecessary," according to the report from the Department's inspector general, which said a small agency within the Commerce Department had "overstated" the extent of malicious software on its network dating to December 2011.
The agency, the Economic Development Administration, spent more than $2.7 million -- more than half its IT budget for the year -- responding to what it believed was a serious cyber attack, including hiring a contractor to further investigate.
The inspector general's findings reflect what experts say is a broader problem in the federal government -- a shortage of employees with the necessary expertise to analyze and respond to cyber attacks in their network.
Back in 2011, the Commerce Department's Computer Incident Response Team identified 146 pieces of IT equipment possibly infected when in fact just two showed signs of suspicious activity, the inspector general found.
The inspector general attributed the "misunderstanding" to "inaccurate analysis" and "serious long-standing deficiencies" in the agency's security program.
But at the time, the agency's officials "remained convinced that there could be extremely persistent malware somewhere" in its network, and believed that hackers backed by a foreign government may have been behind the malware, the report found.
However, the inspector general said it found no evidence of widespread malware. "In the end, nothing identified on EDA’s components posed a significant risk to EDA’s operations," the report said.
"The destruction of IT components was clearly unnecessary because only common malware was present" on the agency's systems, according to the IG report.
The Commerce Department agreed with the findings and said it had already implemented some of the inspector general's recommendations, including "hiring experienced and certified incident handlers."