Senators want to know why the State Department isn’t using basic cybersecurity protections.
In a letter sent to Secretary of State Mike Pompeo on Tuesday, a bipartisan group of five senators called out the department’s poor cybersecurity practices.
The agency was required to adopt multi-factor authentication for all accounts with “elevated privileges” as part of the Federal Cybersecurity Enhancement Act. An inspection found that only 11 percent of required agency devices actually enabled it, according to the letter.
The State Department did not respond to a request for comment immediately.
Cybersecurity has become a major concern for government officials as nation-state hackers from countries like North Korea, Russia and Iran set their sights on the US for espionage and cyberattacks. These hacks, which have infiltratedand in the past, give spies an opening for future attacks. As these cyberattacks are often , it’s alarming for the group of senators that the State Department isn’t meeting federal cybersecurity standards.
In another investigation, the Department of State’s Inspector General found that security experts were able to successful exploit vulnerabilities from the agency’s email accounts, as well as its applications and operating systems.
The senators noted that a simple password is not enough to protect State Department email accounts anymore.is a simple security measure that requires two forms of verification — like a password and a PIN code, for example — to gain access to an account. It’s a security measure used so that even if hackers steal your password, it’ll be harder to hijack an account.
“We are sure you will agree on the need to protect American diplomacy from cyber attacks, which is why we have such a hard time understanding why the Department of State has not followed the lead of many other agencies and complied with federal law requiring agency use of MFA,” the letter writes.
The letter is signed by Sen. Ron Wyden, a Democrat from Oregon, Sen. Cory Gardner, a Republican from Colorado, Sen. Ed Markey, a Democrat from Massachusetts, Sen. Rand Paul, a Republican from Kentucky, and Sen. Jeanne Shaheen, a Democrat from New Hampshire.
They’ve sent three questions to Sec. Pompeo, and are requesting answers by October 12. They are:
- What actions has the Department of State taken in response to the OMB’s designation of the Department of State’s cyber readiness as “high risk”?
- What actions has the Department of State taken to rectify the near total absence of multifactor authentication systems for accounts with elevated privileges accessing the agency’s network, as required by federal law?
- Please provide us with statistics, for each of the past three years, detailing the number of cyber attacks against Department of State systems located abroad. Please include statistics about both successful and attempted attacks.