• State Department Still Can’t Secure Email Network Months After Attacks Began

    February 24, 2015

    Tags: ,
    Posted in: Embassy/State

    State Department building

    The State Department will not confirm reports that a breach of its unclassified e-mail system discovered three months ago continues today.

    “I’m not getting into that level of detail,” State Department spokeswoman Jen Psaki said. “There are thousands of attacks from many sources that we deal with every single day, and a reason why I think there has been a focus on this particular incident is because of its extent and how broad it was. Obviously, we took steps to combat that, but it is something we work on every day.”

    The November Shutdown

    In November, the State Department shut down its unclassified e-mail system as a result of the hack. At the time, a senior department official said that the breach was detected in the system around the same time as a previously reported incident that targeted the White House computer network.

    The State Department, using outside contractors, has repeatedly scanned its network and continues to see signs of the hackers, the Wall Street Journal reports. Each time investigators find a hacker tool and block it, the intruders tweak it slightly to attempt to sneak past defenses.

    They Were Warned

    In January 2014, a State Department inspector general report said the integrity of the Department’s information security program is at significant risk because of recurring weaknesses the agency continues to fail to address. Among the recommendations was that the NSA conduct penetration tests on State Department systems. The State Department declined the NSA’s help, saying its own Diplomatic Security Service could conduct penetration tests.

    No Coordination

    Bruce Brody, a former Chief Information Security Officer (CISO) at both the Energy and Veterans Affairs departments, said he understands why hackers could be found lurking in systems months after their initial discovery. “Government agency networks are somewhat of a work in progress. Each agency has subordinate operating administrations, each of which has their own appropriation, and almost none of them fall under the governance of the Chief Information Officer. These networks all operate in their own way, usually with their own rules, with power and authority resembling medieval fiefdoms rather than coherent top-down management. Any bad guy can get into any government agency almost at will.”

    Related Articles:

    Copyright © 2020. All rights reserved. The views expressed here are solely those of the author(s) in their private capacity.

  • Leave A Comment

    Mail (will not be published) (required)