10/28/13

State Dept. lacks basic cybersecurity

President Obama has called cybersecurity a top priority, but the State Department cable and messaging system, built and maintained — like the troubled ObamaCare system — mainly by large IT contractors, has routinely failed to meet basic security standards, according to internal documents obtained by BuzzFeed.
"Emails and other documents suggest security has been a standing problem in State Department systems, handling both classified and unclassified material, since at least 2009. Earlier this month, BuzzFeed reported on the department’s systemic and severe lack of security, including unsecured servers, workstations, unencrypted transfer of secret material, and the intermixing of classified and nonclassified information.
"These newly obtained documents add to the picture, revealing that the department lacks even a basic monitoring system to determine unauthorized access or modification of files. Security on the unclassified systems appears problematic, as there is potential access to classified information, even inadvertently, and back-door access to servers". More      [BJS]