US Government Cyber Security Still Needs Work

Uploaded on 2020-02-11 in INTELLIGENCE--USA, GOVERNMENT-National, GOVERNMENT-Defence, FREE TO VIEW

A new report confirms that, despite a series of of warnings, the US State Department has consistently failed to secure its information technology-dependent systems from cyberattacks reflects a general mismanagement of resources.

The Department of Homeland Security, through its Cybersecurity and Infrastructure Security Agency (CISA), has published alerts and guidance recommending heightened awareness and vigilance.  Recent headlines have also raised significant concerns about the possibility of cyberattacks on US businesses as a result of the heightened tensions with Iran. 

The latest State Department Report reapeats finding in 2017, notes “lapses in the performance of duties by Information Systems Security Officers persisted in FY 2019” and pointed to overseas posts where problems were more extensive. In the Office of Foreign Missions, for example, “the lack of a fully implemented systems development lifecycle methodology” meant staff there was using a system that hadn’t been authorised for operation since 2013, the report said.

The report, which was a statement on the department’s “Major Management and Performance Challenges,” referenced the US Inspector General’s 2019 Federal Information Security Management Act Report, which reported weaknesses in all of eight metrics the IG used. 

These included risk management, configuration management, identity and access management, data protection and privacy, security training, information security continuous monitoring, incident response, and contingency planning.

The State Departmnet’s consolidated financial statements for 2018 and 2019, also said, “We have reported weaknesses in IT security controls as a significant deficiency in each audit since our audit of the Department’s FY 2009 consolidated financial statements.” The independent audit also found “significant deficiencies” in State’s financial reporting, budgetary accounting and intergovernmental revenue, among other things. 

US State Dept:             Mondaq:              DefenseOne

You Might Also Read:

Cyber Training For Every US Federal Employee:

Leaked Report: The United Nations Was Hacked:


 

 

« Faster Digital Forensic Analysis
Is Widespread Suspicion Of Huawei Justified? »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

tunCERT

tunCERT

TunCERT is the National Computer Emergency Response Team of Tunisia.

TechInsurance

TechInsurance

TechInsurance is America's top technology insurance company offering a range of technology related products including Cyber Liability insurance.

Boxcryptor

Boxcryptor

Boxcryptor encrypts your sensitive files before uploading them to cloud storage services.

ASU Online - Information Technology Program

ASU Online - Information Technology Program

The Information Technology program at ASU Online provides you with the expertise to design, select, implement and administer computer-based information solutions.

LiveVault

LiveVault

LiveVault delivers fully automated, turnkey, backup over the Internet or a private network connection for uninterrupted remote data protection.

Cyberra Legal Services (CLS)

Cyberra Legal Services (CLS)

Cyberra Legal Services provides cyber law advisory, cyber crime consultancy, cyber law compliance audit, cyber security, cyber forensics and cyber training services.

Get Indemnity

Get Indemnity

Get Indemnity are specialist insurance brokers with experience working on a wide range of innovative business insurance products that combine risk management, indemnity and incident response services.

Britive

Britive

The Britive Platform is a cloud-native security solution built for the most demanding cloud-forward enterprises.

Grayshift

Grayshift

Grayshift is the leading provider of mobile device digital forensics, specializing in lawful access and extraction.

boxxe

boxxe

boxxe create flexible IT infrastructures, collaborative global workspaces and data clarity, all underpinned by world-leading security.

Extreme Networks

Extreme Networks

Since 1996, Extreme has been pushing the boundaries of networking technology, driven by a vision of making it simpler and faster as well as more agile and secure.

Cloudflare

Cloudflare

Cloudflare is a global network designed to make everything you connect to the Internet secure, private, fast, and reliable.

ID R&D

ID R&D

ID R&D is an award-winning provider of AI-based facial liveness, document liveness, and voice biometrics.

Kaesim Cybersecurity

Kaesim Cybersecurity

Kaesim are a global team of cybersecurity experts protecting businesses since 2015. We stop bad people damaging your business, your data and your reputation.

Panoplia Digital Protection

Panoplia Digital Protection

Panoplia Digital Protection is a cutting-edge cybersecurity company that leverages the power of AI and ML to help businesses and consumers protect themselves against cyber threats.

CSIRT-Gnd

CSIRT-Gnd

CSIRT-Gnd provides 24x7 Computer Security Incident Response Services to citizens, companies and government agencies in Grenada.