State Dept. cybersecurity still lagging, audit finds

State Dept. cybersecurity still lagging, audit finds
© Getty Images

The State Department is not meeting federal information security requirements, potentially endangering the sensitive data it protects, according to an audit commissioned by the agency’s inspector general.

Released Friday, the report credited the State Department for making significant improvements over the last few years. But auditors said they “continued to find that the agency was not in compliance” with numerous government standards.


The investigators blamed the lack of authority given to the chief information officer (CIO) as a major reason for the shortcomings. For instance, the department's various bureaus and offices do not have to relay cybersecurity shortcomings to the CIO, making it difficult to secure the entire network.

“The CIO is not properly positioned within the organization to ensure that the Department’s information security program is effective,” said the heavily redacted report, conducted by law firm Williams Adley & Company.

The State Department’s cybersecurity has been under scrutiny in recent months, after it was revealed that former Secretary of State Hillary ClintonHillary Diane Rodham ClintonDemocrats battle for Hollywood's cash The House Judiciary Committee's fundamental choice Sanders, Omar to hit campaign trail in New Hampshire MORE exclusively used a personal email server during her time leading the agency.

Cybersecurity experts have unanimously insisted Clinton’s email setup could never compete with the State Department’s security, even with its deficiencies.

But one pro-Clinton super-PAC has been pushing the argument that the Democratic presidential front runner may have actually been more safe on her personal system.

The group, Correct the Record, noted in September that there is no evidence that Clinton’s server or account were ever infiltrated — and the State Department can’t say the same.

“The U.S. government has been hacked on numerous occasions, compromising even the most sensitive of information,” Correct the Record said. “Anyone who attempts to argue that the contents of Hillary Clinton’s email would have been more secure on a government server must contend with these facts.”

The FBI and a congressional committee are currently investigating whether Clinton’s email was ever compromised.

The State Department is far from an outlier among federal agencies when it comes to cybersecurity. A September Government Accountability report found “persistent weaknesses” in the information security policies and practices at 24 agencies.