A State Department Office of Inspector General (OIG) report released Dec. 9 revealed information security and management deficiencies at 11 overseas missions and one domestic bureau as well as other issues.
Despite the department spending about $1.4 billion in information technology (IT) in FY ’15, the OIG report (Semiannual Report to the Congress, April 1, 2015, to September 30, 2015) said cybersecurity incidents included malicious actors exploiting vulnerabilities, potentially compromising sensitive information and significant downtime to normal operations.
“Inspectors found information-technology and cybersecurity deficiencies at every overseas mission and domestic bureau inspected during this reporting period. OIG issued more than 40 recommendations to address the deficiencies. OIG also identified significant program challenges with the Department’s security program for wireless networks,” Steve Linick, Inspector General of the State Department, wrote in the report’s opening message.
The OIG also found that information systems security officers (ISSOs) did not perform their duties adequately, leaving systems vulnerable to threats including spear-phishing attacks. ISSO duties involved reviewing event logs, randomly checking user libraries, and reminding users of security awareness.
The office issued 42 recommendations concerning IT management and cybersecurity, including access controls, configuration management, and encryption, the report said.
OIG also highlighted the importance of IT contingency planning for State Department facilities and how it remains a management challenge.
“In six inspections of overseas missions conducted during this reporting period, OIG identified numerous contingency planning deficiencies,” the report said.
“Instability in many regions of the world and recent attacks and threats against the Department’s personnel and diplomatic facilities demonstrate the need for contingency planning and readiness to respond to crises in order to maintain communications and continuity of business operations.”
The semiannual report summarizes the work of the OIG for the reporting period stated. OIG is responsible for oversight of over $40 billion in department programs and operations in addition to $750 million in Broadcasting Board of Governors (BBG) operations. During the reporting period the OIG issues 66 total reports on various issues that included recommendations to improve programs and operations, the report said.