State Department 'Data at Risk' as Embassy Cyber Officers Lag Behind

(Graphic by Lee Ferran/Code and Dagger. Original photo by slon_dot_pics from Pexels.)

(Graphic by Lee Ferran/Code and Dagger. Original photo by slon_dot_pics from Pexels.)

State Department computer systems and sensitive U.S. government data are currently “at risk,” according to a watchdog report that found nearly half of overseas posts’ information security officers were failing to implement full cybersecurity measures.

Earlier this month the State Department Office of Inspector General (OIG) released a report [PDF] detailing the concerning findings, based on a review of other reports since 2016.

“Information systems security officers (ISSO) are responsible for enforcing Department of State […] information systems security policies to ensure the protection of the Department’s computer infrastructure, networks, and data,” the report says. “However, OIG has found continued deficiencies in the performance of ISSO duties, which places the Department’s computer systems and data at risk.”

RELATED: NASA Years Behind on Cybersecurity Strategy, Report Says

The report reviewed write-ups on 51 overseas posts and found problems at 25 of them — 49 percent. Among the deficiencies, security officers weren’t running the random user account reviews they should’ve been or weren’t analyzing system audit logs “for inappropriate or unusual activity.”

The watchdog laid the fault at the feet of the officers themselves, higher-up management, as well as the basic structure of the State Department’s bureaucracy and the priority placed on cybersecurity. For instance, the responsibility of a security officer is often taken on as a “collateral duty” by the post’s Information Management specialist — which is a different job. The department only has a “few” dedicated ISSOs and they are at larger posts, the report says.

The U.S. government has suffered a string of cyber attacks in recent years, most recently through the breach of an outside vendor that did extensive government work, purportedly by Russian hackers. In 2015, China was blamed for a major cyber-theft operation that made off with personal details of tens of thousands of government officials.

The OIG report made a handful recommendations to get the ISSOs on track, including increasing interest in information operations by the chief of mission at a given embassy.

PRIMARY SOURCE: State IG Report (PDF)

[Do you have a tip or question for Code and Dagger?  Send it along at CodeAndDagger@protonmail.com. And if you like what you read and want to help keep the site running (kind of) smoothly, click here to learn how you can lend your support. ]

Read a State Dept Cable About a President’s Attempt to Overturn an Election

On Christmas Day, FBI Hunts Stolen 'Peanuts' Art