In a letter sent to Secretary of State Mike Pompeo, a bipartisan group of five United States senators is criticizing the State Department for failing to address basic cybersecurity standards.

The letter, sent Tuesday, points out the department’s failure to safeguard itself from cyber threats, claiming that the State Department is lagging far behind other federal agencies in the race to defend itself from cyber attacks.

The letter specifically calls on the State Department to roll out multifactor authentication across its networks since the “password only approach is no longer sufficient to protect sensitive information from sophisticated phishing attempts and other forms of credential theft.”

Multifactor authentication is essential to effective diplomacy, at least according to Sen. Ron Wyden, who claims, “Effective diplomacy depends on being able to keep certain things secret from other governments, especially during sensitive negotiations. If State can’t secure their emails from hackers, it will undermine their ability to function as the foreign policy arm of the U.S. government.”

But the letter claims that the State Department has deployed multifactor authentication on only 11 percent of required agency devices, violating the requirement under the Federal Cybersecurity Enhancement Act of 2015 to use multi-factor authentication for all accounts with elevated privileges.

The letter also points out that the White House recently deemed the State Department’s cyber readiness level at “high risk” and that a report released last year from the department’s watchdog found that a third of diplomatic missions did not conduct “even the most basic” cyber threat management practices, such as regular reviews and audits of information systems to check for any unusual activity.

Last May, President Trump signed an executive order to hold agency heads accountable for cybersecurity and require them to implement the NIST Framework for Improving Critical Infrastructure. However, the State Department’s inability to adopt relatively simple cybersecurity protections highlights the Trump administration’s failure to strengthen cybersecurity defenses across all federal agencies at the most basic level.

While certainly not a silver bullet, multifactor authentication (MFA) can make it significantly harder for foreign governments or cybercriminals targeting diplomats or other U.S. interests to access accounts. MFA is a basic cybersecurity defense highlighted in the CIS Basic Controls, specifically CIS Control 4 – Controlled Use of Administrative Privileges. CIS Sub-Control 4.5 demands the use of multifactor authentication and encrypted channels for all administrative account access. Neglecting to implement such a crucial safeguard could leave political campaigns open to phishing campaigns and allow hackers to exploit vulnerabilities in email accounts, applications, and operating systems.

 

Read in the Washington Post
