US Government Cyber Security Still Needs Work

Uploaded on 2020-02-11 in INTELLIGENCE--USA, GOVERNMENT-National, GOVERNMENT-Defence, FREE TO VIEW

A new report confirms that, despite a series of of warnings, the US State Department has consistently failed to secure its information technology-dependent systems from cyberattacks reflects a general mismanagement of resources.

The Department of Homeland Security, through its Cybersecurity and Infrastructure Security Agency (CISA), has published alerts and guidance recommending heightened awareness and vigilance.  Recent headlines have also raised significant concerns about the possibility of cyberattacks on US businesses as a result of the heightened tensions with Iran. 

The latest State Department Report reapeats finding in 2017, notes “lapses in the performance of duties by Information Systems Security Officers persisted in FY 2019” and pointed to overseas posts where problems were more extensive. In the Office of Foreign Missions, for example, “the lack of a fully implemented systems development lifecycle methodology” meant staff there was using a system that hadn’t been authorised for operation since 2013, the report said.

The report, which was a statement on the department’s “Major Management and Performance Challenges,” referenced the US Inspector General’s 2019 Federal Information Security Management Act Report, which reported weaknesses in all of eight metrics the IG used. 

These included risk management, configuration management, identity and access management, data protection and privacy, security training, information security continuous monitoring, incident response, and contingency planning.

The State Departmnet’s consolidated financial statements for 2018 and 2019, also said, “We have reported weaknesses in IT security controls as a significant deficiency in each audit since our audit of the Department’s FY 2009 consolidated financial statements.” The independent audit also found “significant deficiencies” in State’s financial reporting, budgetary accounting and intergovernmental revenue, among other things. 

US State Dept:             Mondaq:              DefenseOne

You Might Also Read:

Cyber Training For Every US Federal Employee:

Leaked Report: The United Nations Was Hacked:


 

 

« Faster Digital Forensic Analysis
Is Widespread Suspicion Of Huawei Justified? »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)

On-Demand Webinar - Hear security experts from SANS and AWS break down the myths and realities of what an NGFW is and what one can do for your security posture.

CFC Underwriting

CFC Underwriting

CFC is a specialist insurance provider and a pioneer in emerging risk, including cyber insurance.

CyberOwl

CyberOwl

CyberOwl's early warning system uses a probabilistic framework to systematically aggregate uncertain and disparate security events to provide real-time visibility of threats to every asset.

Ingalls Information Security

Ingalls Information Security

Ingalls Information Security provides network security, monitoring and forensics.

Cyber Security Expo

Cyber Security Expo

Cyber Security EXPO is a unique one day recruitment event for the cyber security industry.

TrainACE

TrainACE

TrainACE, is a professional computer training school offering courses in information technology with a focus on Advanced Security training.

MASS

MASS

MASS provides world-class capabilities in electronic warfare operational support, cyber security, information management, support to military operations and law enforcement.

Information and Communication Technology Authority (ICT Authority) - Kenya

Information and Communication Technology Authority (ICT Authority) - Kenya

The ICT Authority is responsible for enforcing ICT standards in Government and ensuring information security.

ByteLife Solutions

ByteLife Solutions

ByteLife Solutions specialises in the provision of IT infrastructure services and solutions, including cybersecurity.

Redwall Technologies

Redwall Technologies

Redwall provides cybersecurity expertise and technology to prevent and respond to emerging threats against mobile applications and connected infrastructures.

Netography

Netography

Netography provides a scalable and reliable platform for detection & remediation of cyber threats found on your network.

Great American Insurance Group

Great American Insurance Group

Great American's Cyber Risk Division offers cyber solutions for small and medium-sized businesses.

Coralogix

Coralogix

Coralogix are rebuilding the path to observability using a real-time streaming analytics pipeline that provides monitoring, visualization, and alerting capabilities without the burden of indexing.

Purism

Purism

Purism works with hardware component manufactures and the free software community to build high quality hardware that respects your digital life.

ITQ Latam

ITQ Latam

ITQ Latam are specialists in cybersecurity, in a convergent ecosystem of technological solutions in infrastructure, cloud and security networks.

Telit Cinterion

Telit Cinterion

Telit Cinterion is a global enabler of the intelligent edge providing highly secure IoT solutions, modules and services.

Ignite Cyber

Ignite Cyber

IGNITE Cyber is focused on enabling secure technology adoption through intelligent business decisions. We are focused on providing a secure and stable business environment for everyone.