The USDA’s National Agricultural Statistical Service (NASS) needs to improve security measures relating to potentially sensitive commodity-market data prior to the release of agricultural reports. The recommendation comes from an audit by the USDA’s Office of Inspector General.
NASS conducts hundreds of surveys each year and prepares production forecasts and final estimates for numerous commodities, including corn, wheat, cotton, soybeans, and oranges, as well as cattle and hog inventory estimates. Producers and commodities traders watch NASS reports closely to track production and supply trends, and the reports can have significant influence on cash and futures prices for agricultural commodities.
For example, NASS provides statistical data included in the World Agricultural Supply and Demand Estimates (WASDE) report. An Economic Research Service economist found when the WASDE report is released, it is “followed by an immediate reaction reflected in the opening future prices for each commodity.”
NASS employs various processes to keep that sensitive information secure prior to its release of reports. Data collected in the field are sent in encrypted form to NASS, where they are decrypted in “lockup,” where analysts prepare reports for eventual release to the public. The OIG audit focused on the effectiveness of the lockup procedures for securing market-sensitive commodity data before their official release.
OIG auditors found NASS did not adequately enforce critical procedures and physical security measures meant to protect the security of NASS information. For example, outside communication from the lockup is not allowed, but according to the report, OIG was able to bring a cell phone into lockup and witnessed a reporter using an iPad during lockup.
The auditors also report NASS has not taken action to address previously identified vulnerabilities in its information technology (IT) systems. These issues, OIG reports, could allow leaks of information and threaten the integrity of markets.
Based on the audit, OIG recommends NASS should:
- Develop, implement, and document periodic internal reviews for the entire lockup process and submit the results to an independent evaluator for follow-up.
- Take action to mitigate IT vulnerabilities.
- Implement controls to prevent data release delays.
- Improve the physical security of lockup, IT equipment, and server rooms.
- Take steps to further secure sensitive data.
Access the full report from USDA/OIG.