The US State Department Email System Breached

The State Department says it needs to reconstruct its classified computer systems after suffering a hack that the agency has said affected only its unclassified networks. This detail, buried in a 2016 funding request document, combined with State’s failing data protection grades on a recent government-wide report card, paints a picture of an agency ripe for another attack, security experts say.
“I assume (and hope) that emails sent between the President and Secretary of State are heavily encrypted and never touch the public Internet,” Christopher Soghoian, principal technologist for the American Civil Liberties Union, tweeted.
That might not be the case. Zero percent of State’s email was sent via systems configured to encrypt messages — or code the contents so they are unreadable if intercepted, according to the White House’s annual report to Congress on agency information security. The messages were all sent in clear text. It’s unclear what kind of data protections former State Secretary Hillary Clinton had in place when she emailed President Barack Obama from her homemade email system.
State has asked Congress for $10 million to support “the necessary re-architecting of the classified and unclassified networks” at the department, according to current Secretary of State John Kerry’s budget justification. The budget request also proposes spending $17.3 million on “architecture services.” The overhaul will establish new security controls and help reduce “known security vulnerabilities.” 
One weakness in all department systems is the absence of two-step identity verification, according to the cyber score-sheet. Under a 2004 presidential directive, all agency login screens must require users to enter passwords and a second credential, like a smart card, for access. The 2016 budget states that State is aiming to establish the two-step process by 2018.
defenseone   http://ow.ly/KfIrd

 
