The US State Department Email System Breached

The State Department says it needs to reconstruct its classified computer systems after suffering a hack the agency has said only affected its unclassified networks. This detail, buried in a 2016 funding request document, combined with State’s failing data protection grades on a recent government wide report card, paints a picture of an agency ripe for another attack, security experts say. 
“I assume (and hope) that emails sent between the President and Secretary of State are heavily encrypted and never touch the public Internet,” Christopher Soghoian, principal technologist for the American Civil Liberties Union, tweeted.
That might not be the case. Zero percent of State’s email was sent via systems configured to encrypt messages — or code the contents so they are unreadable if intercepted, according the White House’s annual report to Congress on agency information security. The messages were all sent in clear text. It’s unclear what kind of data protections former State Secretary Hillary Clinton had in place when she emailed President Barack Obama from her homemade email system.
State has asked Congress for $10 million to support “the necessary re-architecting of the classified and unclassified networks” at the department, according to current Secretary of State John Kerry’s budget justification. The budget request also proposes spending $17.3 million on “architecture services.” The overhaul will establish new security controls and help reduce “known security vulnerabilities.” 
One weakness in all department systems is the absence of two-step identity verification, according to the cyber score-sheet. Under a 2004 presidential directive, all agency login screens must require users to enter passwords and a second credential, like a smart card, for access. The 2016 budget states State is aiming to establish the two-step process by 2018.
defenseone   http://ow.ly/KfIrd

 

« Snowden: New Zealand Spying on Pacific Islands
Snowden Appeals to Switzerland to Grant Asylum »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Cortado Mobile Solutions

Cortado Mobile Solutions

Cortado Mobile Solutions is the manufacturer of the mobile device management solution Cortado MDM.

SecuriThings

SecuriThings

SecuriThings is a User and Entity Behavioral Analytics (UEBA) solution for IoT security.

Packet Ninjas

Packet Ninjas

Packet Ninjas is a niche cyber security agency with specialized expertise in the use of digital intelligence to strengthen cyber security.

HudsonCyber

HudsonCyber

HudsonCyber, part of HudsonAnalytix, provides leading cyber risk management services for the global maritime transportation industry.

Intelligent Waves

Intelligent Waves

Intelligent Waves holds and manages contracts to provide an array of intelligence, operational, communications and IT support to the USG in austere, forward-deployed, hazardous duty environments.

Arcanum Information Security (AIS)

Arcanum Information Security (AIS)

Arcanum Information Security is a specialist Information Assurance Consultancy and a leading provider of Cyber Security services to UK Defence, UK Government, Enterprise businesses and SMEs.

Hexatrust

Hexatrust

The HEXATRUST club was founded by a group of French SMEs that are complementary players with expertise in information security systems, cybersecurity, cloud confidence and digital trust.

Secudos

Secudos

SECUDOS is an innovative appliance technology and services provider focused on IT security and compliance.

Innovative Solutions (IS)

Innovative Solutions (IS)

Innovative Solutions is a specialized professional services company delivering Information Security products and solutions for Saudi Arabia and the Gulf region.

CYSEC SA

CYSEC SA

Cysec is equipped to deliver agile security solutions for the most challenging IT infrastructures around the world.

Ultra Electronics

Ultra Electronics

Ultra specialises in providing application-engineered bespoke solutions. We focus on mission critical and intelligent systems in the defence, security, critical detection & control markets.

LimaCharlie

LimaCharlie

LimaCharlie gives security teams full control over how they manage their security infrastructure. Get full visibility, build what you want, control your data, get the security capabilities you need.

SHI International

SHI International

SHI International deliver against your IT and business needs, helping you build strategies and solutions that will drive innovation, collaboration and security.

Eurotech

Eurotech

Eurotech provides Edge Computers and IoT solutions. We help to connect your assets and make them smarter through secure and agnostic hardware and software technologies.

Zenzero

Zenzero

Zenzero simplifies technology adoption and supports our customers through managed and outsourced IT support.

Argantic

Argantic

Argantic aims to help organisations thrive and reach their full potential in a modern cloud-centric era.