Senators quiz Pompeo on State Department's cybersecurity failures

Posted: Sep 13, 2018 10:25 AM
Updated: Sep 13, 2018 10:25 AM

A bipartisan group of senators called out Secretary of State Mike Pompeo for the State Department's failure to meet federal law on cybersecurity standards, including basic protocols used by major internet companies.

The lawmakers sent a letter to Pompeo on Tuesday citing a General Services Administration report that found the State Department has deployed "enhanced access controls," such as multi-factor authentication, or multiple steps to log in, across only "11% of required agency devices."

The letter also referenced findings by the State Department inspector general, who found in 2017 "that 33% of diplomatic missions failed to conduct the most basic cyber threat management practices, like regular reviews and audits."

Bipartisan concern

"We are sure you will agree on the need to protect American diplomacy from cyberattacks, which is why we have such a hard time understanding why the Department of State has not followed the lead of many other agencies and complied with federal law requiring the use of MFA (multi-factor authentication)," read the letter from Democratic Sens. Ron Wyden of Oregon, Ed Markey of Massachusetts and Jeanne Shaheen of New Hampshire and their Republican colleagues Sens. Cory Gardner of Colorado and Rand Paul of Kentucky.

The senators asked that the State Department provide them with information about how it is working to rectify the situation and the number of successful and attempted cyberattacks on State Department systems abroad.

A State Department spokesperson confirmed they had received the letter and said it would be carefully reviewed before the department responds.

Multi-factor or two-factor authentication usually requires users to enter a separate code after they enter their passwords when logging in to their email or social media accounts. The code is usually texted to the user or accessed through a mobile phone app.

'Accessed by an enemy'

The additional security step is offered by major tech giants including Google, Facebook and Twitter, and is designed to prevent a hack even if a user's password has been stolen.

As the midterm elections approach, some political campaigns and state election officials are using two-factor authentication in an attempt to avoid a repeat of the widespread Russian hacking seen in 2016.

Jessica Ortega, a research analyst at the cybersecurity firm SiteLock, told CNN that a State Department official not using multi-factor authentication could be vulnerable to a cyberattack.

"Not having accounts protected by multiple layers of security could mean that cracking one password or PIN code means that all the information a diplomat has access to could be accessed by an enemy," she said.

The Democratic National Committee, which itself was allegedly successfully targeted by Russian hackers, according to a recent indictment from special counsel Robert Mueller's team, has advised candidates to use multi-factor authentication.
