•   
  •   
  •   

Politics Letter: Top federal watchdog probing State Department following hacks

21:16  08 april  2021
21:16  08 april  2021 Source:   politico.com

Immigrant aid, lifeguard shortage, Frontier Days: News from around our 50 states

  Immigrant aid, lifeguard shortage, Frontier Days: News from around our 50 states How the COVID-19 pandemic is affecting every stateStart the day smarter. Get all the news you need in your inbox each morning.

The State Department is facing scrutiny from a top government watchdog for its long-running cybersecurity problems, according to documents reviewed by POLITICO. And the department’s slow response to those investigators has generated significant frustration.

a sign on the side of a building: The Department of State building. © Mark Wilson/Getty Images The Department of State building.

The Government Accountability Office is conducting a wide-ranging probe into the department’s cybersecurity practices following several hacks on the department’s email system over the last decade, according to the documents and people familiar with the matter. Just last week, POLITICO revealed that suspected Russian hackers stole thousands of emails from the department in recent months.

Food banks, passing on passports, governors’ shots: News from around our 50 states

  Food banks, passing on passports, governors’ shots: News from around our 50 states How the COVID-19 pandemic is affecting every stateStart the day smarter. Get all the news you need in your inbox each morning.

The GAO — Congress’s investigative and auditing body — launched the probe in October 2020 at the request of the top two members of the Senate Foreign Relations Committee, according to a letter from GAO officials to the State Department’s chief information officer dated March 30, 2021. The office is assessing State’s ability to protect its systems and networks, the letter says.

Specifically, the GAO is examining whether the security of the State Department’s information technology systems meet federal requirements and how State manages and responds to cybersecurity threats.

Vijay D’Souza, the GAO’s director for Information Technology and Cybersecurity, confirmed to POLITICO that the GAO “has a review underway of State Department cybersecurity practices under the request of the Senate Foreign Affairs Committee.” He added that last week’s letter to the State Department “was part of our standard request for documents,” and that GAO is “tentatively planning to issue a report toward the end of this year.”

Music festivals, Opening Day, casino clinics: News from around our 50 states

  Music festivals, Opening Day, casino clinics: News from around our 50 states How the COVID-19 pandemic is affecting every stateStart the day smarter. Get all the news you need in your inbox each morning.

Around the time GAO launched its probe, suspected Russian hackers had been rummaging around State Department email servers and managed to steal thousands of emails from the department’s Bureau of European and Eurasian Affairs and Bureau of East Asian and Pacific Affairs, as POLITICO reported.

The hacking campaign was at least the third known Kremlin-backed breach on the department’s email server in under a decade. Russian hackers also managed to penetrate State Department networks in 2014 and 2015. The then-National Security Agency deputy director said officials there engaged in “hand-to-hand combat” to secure State’s emails in 2014.

Experts also fear the Covid-19 pandemic has exacerbated the cybersecurity risk because many federal employees have been working remotely, on less secure systems, since last year.

The recent State Department email thefts occurred simultaneous to the infamous SolarWinds attack — a wide-reaching espionage campaign by suspected state-sponsored Russian hackers that targeted federal and private entities via a vulnerability in a commonly used computer software.

Disney smiles, boardwalk shots, parklet program: News from around our 50 states

  Disney smiles, boardwalk shots, parklet program: News from around our 50 states How the COVID-19 pandemic is affecting every stateStart the day smarter. Get all the news you need in your inbox each morning.

The State Department has said it “takes seriously its responsibility to safeguard its information and continuously takes steps to ensure information is protected.” And in one response sent to the GAO late last month, enclosed in the March 30 letter, the department pointed out that its Inspector General, a position currently held in an acting capacity by Diana Shaw, “conducts a yearly audit of the Department’s cybersecurity program” and that State uses a framework developed by the National Institute of Standards and Technology to protect its infrastructure.

But the GAO letter says it still needs key documents from the department “to understand the department’s IT systems and networks and analyze their implementation.”

“The information also is needed to determine, among other things, the capability of the systems and networks to monitor, identify, discover, and respond to cybersecurity events and incidents,” the officials wrote.

State has resisted handing over some materials, according to the letter, arguing they are outside of GAO’s scope. "The Department is aware of the recent GAO request and is working to respond," said a State Department spokesperson.

GAO has given State a deadline of April 9 to hand over nearly 50 outstanding documents, including complete inventory lists of all software and hardware assets used domestically and at U.S. embassies and other posts, an inventory list of “all applications/data that have been migrated to the cloud environment,” and a list of all incidents reported by State to the Department of Homeland Security’s Computer Emergency Readiness Team in 2019, 2020, and 2021.

The most recent document request was sent on March 12, for a copy of the last three cybersecurity daily briefs received by the department’s Chief Information Officer.

Don Jr. denies Trump family misused inauguration funds .
Melania's former best friend and aide Stephanie Winston Wolkoff claims she raised concerns about pricing with Trump, Ivanka and Rick Gates, a top campaign official at the time. But Don Jr. says in the deposition, 'I had no involvement with her.' 'I know of her. I think I've met her but I don't know her,' Don Jr. said of the event planner.Don Jr. was deposed on February 11 by the attorney general who claims the committee 'blatantly and unlawfully abusing nonprofit funds to enrich the Trump family.' © Provided by Daily Mail Washington D.C.

usr: 2
This is interesting!