State Department Is Failing At Basic Cybersecurity Standards, Senators Say
Senators want to know why the State Department isn’t using basic cybersecurity protections.
In a letter sent to Secretary of State Mike Pompeo on Tuesday, a bipartisan group of five senators called out the department’s poor cybersecurity practices.
The agency was required to adopt multifactor authentication for all accounts with “elevated privileges” as part of the Federal Cybersecurity Enhancement Act. An inspection found that only 11 percent of required agency devices actually enabled it, according to the letter.
The State Department has received the letter and is carefully reviewing it, a spokesperson said.
Cybersecurity has become a major concern for government officials as nation-state hackers from countries like North Korea, Russia and Iran set their sights on the US for espionage and cyberattacks. These hacks, which have infiltrated power grids and routers, give spies an opening for future attacks. As these cyberattacks are often politically motivated, it’s alarming to the group of senators that the State Department isn’t meeting federal cybersecurity standards.
In another investigation, the Department of State’s inspector general found that security experts were able to exploit vulnerabilities in the agency’s email accounts, as well as its applications and operating systems.
The senators noted that a simple password isn’t enough to protect State Department email accounts anymore.is a simple security measure that requires two forms of verification — like a password and a PIN code, for example — to gain access to an account. Even if hackers steal your password, it’ll be harder to hijack an account.
“We are sure you will agree on the need to protect American diplomacy from cyber attacks, which is why we have such a hard time understanding why the Department of State has not followed the lead of many other agencies and complied with federal law requiring agency use of MFA,” the letter says.
The letter was signed by Sen. Ron Wyden, a Democrat from Oregon; Sen. Cory Gardner, a Republican from Colorado; Sen. Ed Markey, a Democrat from Massachusetts; Sen. Rand Paul, a Republican from Kentucky; and Sen. Jeanne Shaheen, a Democrat from New Hampshire.
They’re seeking answers from Pompeo on these points, with a deadline of Oct. 12:
- What actions has the Department of State taken in response to the Office of Management and Budget’s designation of the Department of State’s cyber readiness as “high risk”?
- What actions has the department taken to rectify the near total absence of multifactor authentication systems for accounts with elevated privileges accessing the agency’s network, as required by federal law?
- Provide statistics, for each of the past three years, detailing the number of cyberattacks against Department of State systems located abroad and including statistics about both successful and attempted attacks.
Author: Alfred Ng
Hong Kong Watchdog Issues Record HK$15.2 Million Fine To Chinese Broker Over Failure To Report Money Laundering
The Securities and Futures Commission, Hong Kong’s securities watchdog, has fined mainland Chinese state-owned firm Guosen Securities (HK) Brokerage a record HK$15.2 million (US$1.9 million) for failure to report money-laundering activity, it said on Monday. An...
With Brexit fast approaching, there are growing worries surrounding the U.K.’s financial and economic well-being after leaving the safety blanket of the European Union. Among fears of the U.K. heading towards economic turmoil, we must also consider the real threat...
The RCMP has filed charges against 17 people accused of taking part in a multi-million-dollar money-laundering scheme. Police arrested 14 people on Monday in the Montreal and Toronto area, but three suspects are still at large. According to the RCMP, members of the...