US State Dept has no idea if its IT security actually works, say auditors

The US Department of State has largely failed to implement an effective cybersecurity risk program, auditors concluded in a report last week. That means a crucial arm of the American government is potentially wide open to cyberattacks it may not be able to identify or stop.


The State Department, which handles diplomacy and US foreign policy, wrote a risk management strategy for its IT security, the Government Accountability Office (GAO) said, and that's basically where the dept gave up. As a result, department-wide risks haven't necessarily been mitigated, there's no overall monitoring program in place, and IT infrastructure used by the department may not have been adequately secured.


"Until the department implements required risk management activities, it lacks the assurance that its security controls are operating as intended," the GAO said in its report. "Moreover, State is likely not fully aware of information security vulnerabilities and threats affecting future operations." 



Figure: Still a bit of work to be done on implementing that risk management program ... Auditors' findings after looking into the State Dept's progress



The State Department was among the federal government agencies that had data stolen by suspected Chinese snoops when the spies managed to gain access to Microsoft-hosted email services used by Uncle Sam. Some 60,000 unclassified messages belonging to State officials were swiped by the intruders, the department said.


"The department takes seriously its responsibility to safeguard its information and continuously takes steps to ensure in ..
