A group of five bipartisan senators recently urged the State Department to adopt cybersecurity measures to protect against phishing and other cyberattacks.
The letter to Secretary of State Mike Pompeo follows multiple reports by the Office of Inspector General that outside auditors found the State Department failed to adopt security measures mandated by the Federal Cybersecurity Enhancement Act.
Audits discovered 33 percent of diplomatic missions failed to conduct even the most basic cyber threat management practices, and the department has enhanced access controls on only 11 percent of required agency devices.
A password-only approach no longer is sufficient to provide security, the letter said.
The senators asked the State Departments to answer two questions by Oct. 12: What action has the State Department taken after its cyber readiness was defined as “high risk”? What action has the department taken to correct the near total absence of multifactor authentication systems for accounts with elevated privileges?
The department also was asked to provide statistics for the past three years detailing the number of cyberattacks, both successful and attempted, against the department’s overseas systems.
The letter was signed by Sens. Cory Gardner (R-CO), Ed Markey (D-MA), Rand Paul (R-KY), Jeanne Shaheen (D-NH), and Ron Wyden (D-OR).