In a letter sent to Secretary of State Mike Pompeo, a bipartisan group of five United States senators is criticizing the State Department for failing to address basic cybersecurity standards.

The letter, sent Tuesday, points out the department’s failure to safeguard itself from cyber threats, claiming that the State Department is lagging far behind other federal agencies in the race to defend itself from cyber attacks.

The letter specifically calls on the State Department to roll out multifactor authentication across its networks since the “password only approach is no longer sufficient to protect sensitive information from sophisticated phishing attempts and other forms of credential theft.”

Multifactor authentication is essential to effective diplomacy, at least according to Sen. Ron Wyden, who claims, “Effective diplomacy depends on being able to keep certain things secret from other governments, especially during sensitive negotiations. If State can’t secure their emails from hackers, it will undermine their ability to function as the foreign policy arm of the U.S. government.”

But the letter claims that the State Department has deployed multifactor authentication on only 11 percent of required agency devices, violating the requirement under the Federal Cybersecurity Enhancement Act of 2015 to use multi-factor authentication for all accounts with elevated privileges.

The letter also points out that the White House recently deemed the State Department’s cyber readiness level at “high risk” and that a report released last year from the department’s watchdog found that a third of diplomatic missions did not conduct “even the most basic” cyber threat management practices, such as regular reviews and audits of information systems to check for any unusual activity.

Last May, President Trump signed an executive order to hold agency heads accountable for cybersecurity and require them to implement the NIST Framework for Improving Critical Infrastructure. However, the State Department’s inability to adopt relatively simple cybersecurity protections highlights the Trump administration’s failure to strengthen cybersecurity defenses across all federal agencies at the most basic level.

While certainly not a silver bullet, multifactor authentication (MFA) can make it significantly harder for foreign governments or cybercriminals targeting diplomats or other U.S. interests to access accounts. MFA is a basic cybersecurity defense highlighted in the CIS Basic Controls, specifically CIS Control 4 – Controlled Use of Administrative Privileges. CIS Sub-Control 4.5 demands the use of multi-factor authentication and encrypted channels for all administrative account access. Neglecting to implement such a crucial safeguard could result in phishing campaigns that target political campaigns and allow hackers to exploit vulnerabilities in email accounts, applications, and operating systems.

 

Read in the Washington Post

Copyright 2018, New Net Technologies LLC. All rights reserved. 