US Government Cyber Security Still Needs Work

A new report confirms that, despite a series of of warnings, the US State Department has consistently failed to secure its information technology-dependent systems from cyberattacks reflects a general mismanagement of resources.

The Department of Homeland Security, through its Cybersecurity and Infrastructure Security Agency (CISA), has published alerts and guidance recommending heightened awareness and vigilance.  Recent headlines have also raised significant concerns about the possibility of cyberattacks on US businesses as a result of the heightened tensions with Iran. 

The latest State Department Report reapeats finding in 2017, notes “lapses in the performance of duties by Information Systems Security Officers persisted in FY 2019” and pointed to overseas posts where problems were more extensive. In the Office of Foreign Missions, for example, “the lack of a fully implemented systems development lifecycle methodology” meant staff there was using a system that hadn’t been authorised for operation since 2013, the report said.

The report, which was a statement on the department’s “Major Management and Performance Challenges,” referenced the US Inspector General’s 2019 Federal Information Security Management Act Report, which reported weaknesses in all of eight metrics the IG used. 

These included risk management, configuration management, identity and access management, data protection and privacy, security training, information security continuous monitoring, incident response, and contingency planning.

The State Departmnet’s consolidated financial statements for 2018 and 2019, also said, “We have reported weaknesses in IT security controls as a significant deficiency in each audit since our audit of the Department’s FY 2009 consolidated financial statements.” The independent audit also found “significant deficiencies” in State’s financial reporting, budgetary accounting and intergovernmental revenue, among other things. 

US State Dept:             Mondaq:              DefenseOne

You Might Also Read:

Cyber Training For Every US Federal Employee:

Leaked Report: The United Nations Was Hacked:


 

 

« Faster Digital Forensic Analysis
Is Widespread Suspicion Of Huawei Justified? »

Directory of Suppliers

Cyber Security Service Supplier Directory

Cyber Security Service Supplier Directory

Free Access: Cyber Security Service Supplier Directory listing 4,000+ specialist service providers.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

BackupVault

BackupVault

BackupVault is a leading provider of completely automatic, fully encrypted online, cloud backup.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

CRU

CRU

CRU is a pioneer in devices for data mobility, data security, encryption, and digital investigation.

herdProtect

herdProtect

herdProtect is a second line of defense malware scanning platform powered by 68 anti-malware engines in the cloud.

Votiro

Votiro

Votiro develops and licenses unique security software solutions that help protect organizations from external cyber attacks.

Secura

Secura

The Secura Cyber Security and Intelligence system predicts and prevents security threats by discovering hidden patterns through the meticulous analysis of large amounts of data.

DataDome

DataDome

DataDome offers real-time AI protection against all OWASP automated threats, including credential stuffing, layer 7 DDoS attacks, SQL injection & intensive scraping.

Cyber Security for Critical Manufacturing (ManuSec) Europe 2020

Cyber Security for Critical Manufacturing (ManuSec) Europe 2020

Join 120+ Manufacturing Security Experts for IT-OT Convergence Talks, Best Practice Guides, Practical Insights, Cyber Resilience Tips & More. 4-5 February 2020. Munich.

OAS Chain

OAS Chain

OAS Blockchain Renaissance Project presents three platforms that address the major challenges of public blockchain, private blockchain, and IoT security.

Collins Aerospace

Collins Aerospace

Collins Aerospace provides cybersecurity services and systems to protect critical infrastructure facilities and railroad operations.