The US State Department Email System Breached

The State Department says it needs to reconstruct its classified computer systems after suffering a hack the agency has said only affected its unclassified networks. This detail, buried in a 2016 funding request document, combined with State’s failing data protection grades on a recent government wide report card, paints a picture of an agency ripe for another attack, security experts say. 
“I assume (and hope) that emails sent between the President and Secretary of State are heavily encrypted and never touch the public Internet,” Christopher Soghoian, principal technologist for the American Civil Liberties Union, tweeted.
That might not be the case. Zero percent of State’s email was sent via systems configured to encrypt messages — or code the contents so they are unreadable if intercepted, according the White House’s annual report to Congress on agency information security. The messages were all sent in clear text. It’s unclear what kind of data protections former State Secretary Hillary Clinton had in place when she emailed President Barack Obama from her homemade email system.
State has asked Congress for $10 million to support “the necessary re-architecting of the classified and unclassified networks” at the department, according to current Secretary of State John Kerry’s budget justification. The budget request also proposes spending $17.3 million on “architecture services.” The overhaul will establish new security controls and help reduce “known security vulnerabilities.” 
One weakness in all department systems is the absence of two-step identity verification, according to the cyber score-sheet. Under a 2004 presidential directive, all agency login screens must require users to enter passwords and a second credential, like a smart card, for access. The 2016 budget states State is aiming to establish the two-step process by 2018.
defenseone   http://ow.ly/KfIrd

 

« Snowden: New Zealand Spying on Pacific Islands
Snowden Appeals to Switzerland to Grant Asylum »

Perimeter 81

Directory of Suppliers

Cyber Security Service Supplier Directory

Cyber Security Service Supplier Directory

Free Access: Cyber Security Service Supplier Directory listing 5,000+ specialist service providers.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

BackupVault

BackupVault

BackupVault is a leading provider of completely automatic, fully encrypted online, cloud backup.

eBook: Practical Guide to Security in the AWS Cloud

eBook: Practical Guide to Security in the AWS Cloud

AWS Marketplace would like to present you with a digital copy of the new book, Practical Guide to Security in the AWS Cloud, by the SANS Institute.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Perimeter 81

Perimeter 81

Perimeter 81 is a Zero Trust Network as a Service designed to simplify secure network, cloud and application access for the modern and distributed workforce.

Computer Weekly

Computer Weekly

ComputerWeekly provides the latest news and analysis through its website and weekly digital magazine, as well as award-winning, exclusive premium content.

Centrify

Centrify

Centrify’s Next-Gen Access is an identity & access management solution that uniquely converges Identity-as-a-Service, enterprise mobility management and privileged access management.

IBM Application Security

IBM Application Security

IBM application security testing solutions provide preemptive protection for mobile and web-based applications.

Qualitest Group

Qualitest Group

Qualitest is the world’s largest pure play Quality Assurance and software testing company.

Ambersail

Ambersail

Ambersail provide Penetration Testing and Cyber Security Compliance services.

CyberVista

CyberVista

CyberVista is a cybersecurity training and workforce development company.

Stealthbits Technologies

Stealthbits Technologies

Stealthbits Technologies is a cybersecurity software company focused on protecting an organization's sensitive data and the credentials attackers use to steal that data.

Hypori

Hypori

Hypori is a virtual smartphone solution that makes truly secure BYOD a reality for organizations in healthcare, finance, government, and beyond.

Sayata Labs

Sayata Labs

Sayata delivers a streamlined solution for processing cyber policies. Increase profitability with an easy and intuitive platform.

AmWINS Group

AmWINS Group

AmWINS are a global specialty insurance distributor with expertise in property, casualty and professional lines including cyber liability.

Cyway

Cyway

Cyway is a value-added cybersecurity distributor focusing on on-prem, cloud solutions and hybrid solutions, IoT, AI & machine learning IT security technologies.

Camel Secure

Camel Secure

Camel Secure is a company specialized in the development of products for information security and technology risk management.