State Department Is Failing At Basic Cybersecurity Standards, Senators Say
Senators want to know why the State Department isn’t using basic cybersecurity protections.
In a letter sent to Secretary of State Mike Pompeo on Tuesday, a bipartisan group of five senators called out the department’s poor cybersecurity practices.
The agency was required to adopt multifactor authentication for all accounts with “elevated privileges” as part of the Federal Cybersecurity Enhancement Act. An inspection found that only 11 percent of required agency devices actually enabled it, according to the letter.
The State Department has received the letter and is carefully reviewing it, a spokesperson said.
Cybersecurity has become a major concern for government officials as nation-state hackers from countries like North Korea, Russia and Iran set their sights on the US for espionage and cyberattacks. These hacks, which have infiltrated power grids and routers, give spies an opening for future attacks. As these cyberattacks are often politically motivated, it’s alarming to the group of senators that the State Department isn’t meeting federal cybersecurity standards.
In another investigation, the Department of State’s inspector general found that security experts were able to exploit vulnerabilities in the agency’s email accounts, as well as its applications and operating systems.
The senators noted that a simple password isn’t enough to protect State Department email accounts anymore.is a simple security measure that requires two forms of verification — like a password and a PIN code, for example — to gain access to an account. Even if hackers steal your password, it’ll be harder to hijack an account.
“We are sure you will agree on the need to protect American diplomacy from cyber attacks, which is why we have such a hard time understanding why the Department of State has not followed the lead of many other agencies and complied with federal law requiring agency use of MFA,” the letter says.
The letter was signed by Sen. Ron Wyden, a Democrat from Oregon; Sen. Cory Gardner, a Republican from Colorado; Sen. Ed Markey, a Democrat from Massachusetts; Sen. Rand Paul, a Republican from Kentucky; and Sen. Jeanne Shaheen, a Democrat from New Hampshire.
They’re seeking answers from Pompeo on these points, with a deadline of Oct. 12:
- What actions has the Department of State taken in response to the Office of Management and Budget’s designation of the Department of State’s cyber readiness as “high risk”?
- What actions has the department taken to rectify the near total absence of multifactor authentication systems for accounts with elevated privileges accessing the agency’s network, as required by federal law?
- Provide statistics, for each of the past three years, detailing the number of cyberattacks against Department of State systems located abroad and including statistics about both successful and attempted attacks.
Author: Alfred Ng
Denmark’s largest bank found more than $200bn in transactions at its Estonian branch and suspects a “large portion” of it was related to money laundering, often from Russia. The CEO stepped down as a result of the year-long investigation. Danske’s CEO Thomas Borgen...
Amazon, the world largest internet retailer, shuffled its Chinese business recently, not to combat poor performance, but to crack down on bribery among its employees in country. Reports say that its independent sellers paid employees for customers’ data as well as...
Former Hong Kong Leader CY Leung Says Britain’s National Crime Agency Is Not Investigating Him Over HK$50 Million UGL Deal
Hong Kong’s former top official Leung Chun-ying declared on Saturday that Britain’s National Crime Agency (NCA) had decided to halt its investigation of a case involving HK$50 million (US$6.3 million) paid to him by an Australian engineering firm while he led the...