State Department Is Failing At Basic Cybersecurity Standards, Senators Say
Senators want to know why the State Department isn’t using basic cybersecurity protections.
In a letter sent to Secretary of State Mike Pompeo on Tuesday, a bipartisan group of five senators called out the department’s poor cybersecurity practices.
The agency was required to adopt multifactor authentication for all accounts with “elevated privileges” as part of the Federal Cybersecurity Enhancement Act. An inspection found that only 11 percent of required agency devices actually enabled it, according to the letter.
The State Department has received the letter and is carefully reviewing it, a spokesperson said.
Cybersecurity has become a major concern for government officials as nation-state hackers from countries like North Korea, Russia and Iran set their sights on the US for espionage and cyberattacks. These hacks, which have infiltrated power grids and routers, give spies an opening for future attacks. As these cyberattacks are often politically motivated, it’s alarming to the group of senators that the State Department isn’t meeting federal cybersecurity standards.
In another investigation, the Department of State’s inspector general found that security experts were able to exploit vulnerabilities in the agency’s email accounts, as well as its applications and operating systems.
The senators noted that a simple password isn’t enough to protect State Department email accounts anymore. Multifactor authentication is a simple security measure that requires two forms of verification — like a password and a PIN code, for example — to gain access to an account. Even if hackers steal your password, it’ll be harder to hijack an account.
“We are sure you will agree on the need to protect American diplomacy from cyber attacks, which is why we have such a hard time understanding why the Department of State has not followed the lead of many other agencies and complied with federal law requiring agency use of MFA,” the letter says.
The letter was signed by Sen. Ron Wyden, a Democrat from Oregon; Sen. Cory Gardner, a Republican from Colorado; Sen. Ed Markey, a Democrat from Massachusetts; Sen. Rand Paul, a Republican from Kentucky; and Sen. Jeanne Shaheen, a Democrat from New Hampshire.
They’re seeking answers from Pompeo on these points, with a deadline of Oct. 12:
- What actions has the Department of State taken in response to the Office of Management and Budget’s designation of the Department of State’s cyber readiness as “high risk”?
- What actions has the department taken to rectify the near total absence of multifactor authentication systems for accounts with elevated privileges accessing the agency’s network, as required by federal law?
- Provide statistics, for each of the past three years, detailing the number of cyberattacks against Department of State systems located abroad and including statistics about both successful and attempted attacks.
Author: Alfred Ng