Bipartisan group of senators urge State to employ basic cybersecurity measures

Bipartisan group of senators urge State to employ basic cybersecurity measures
© Anna Moneymaker

A bipartisan group of senators is pressing the State Department to adopt what they call basic cybersecurity measures and are criticizing the agency for not employing multifactor authentication measures to protect employees against cyberattacks.

Sens. Ron WydenRonald (Ron) Lee WydenTrump trade deal likely to sow division in Democratic presidential field House GOP unveils alternative drug pricing measure ahead of Pelosi vote Pelosi gets standing ovation at Kennedy Center Honors MORE (D-Ore.), Cory GardnerCory Scott GardnerDemocrats spend big to put Senate in play Republicans consider skipping witnesses in Trump impeachment trial Group of veterans call on lawmakers to support impeachment, 'put country over politics' MORE (R-Colo.), Ed MarkeyEdward (Ed) John MarkeyWarren proposes 'Blue New Deal' to protect oceans There's a lot to like about the Senate privacy bill, if it's not watered down Trump administration drops plan to face scan all travelers leaving or entering US MORE (D-Mass.), Rand PaulRandal (Rand) Howard PaulOvernight Defense: House passes compromise defense bill | Turkey sanctions advance in Senate over Trump objections | Top general says military won't be 'raping, burning and pillaging' after Trump pardons Rand Paul: 'We need to re-examine' US-Saudi relationship after Florida shooting Senate panel advances Turkey sanctions bill despite Trump objections MORE (R-Ky.), and Jeanne ShaheenCynthia (Jeanne) Jeanne ShaheenSenate panel advances Turkey sanctions bill despite Trump objections Overnight Defense: Trump leaves door open to possible troop increase in Middle East | Putin offers immediate extension of key nuclear treaty Putin offers immediate extension of key nuclear treaty MORE (D-N.H.) on Tuesday sent a letter that urged Secretary of State Mike PompeoMichael (Mike) Richard PompeoPompeo: 'No mistake' Trump warned Russian diplomat about election tampering Trump admin hits Iranian shipping network, airline with new sanctions The Hill's Morning Report - Sponsored by AdvaMed - An unusual day: Impeachment plus a trade deal MORE to employ more multifactor authentication measures to secure the agency's information systems.

Multifactor authentication helps protect against phishing attacks that usually aim to steal user data.

ADVERTISEMENT

“We are sure you will agree on the need to protect American diplomacy from cyber attacks, which is why we have such a hard time understanding why the Department of State has not followed the lead of many other agencies and complied with federal law requiring agency use of [multifactor authentication],” the senators wrote to Pompeo.

 “The Department of State’s Inspector General (IG) found last year that 33% of diplomatic missions failed to conduct even the most basic cyber threat management practices, like regular reviews and audits. The IG also noted that experts who tested these systems ‘successfully exploited vulnerabilities in email accounts of Department personnel as well as Department applications and operating systems,’ ” the letter continues.

The lawmakers asked Pompeo what State has done to boost its security after the Office of Management and Budget designated the agency's cyber readiness as “high risk,” how the agency will address the lack of multifactor authentication that is required by law and for statistics that detail the department's cyber incidences over the last three years.

The lawmakers asked Pompeo to answer these questions by Oct. 12.

The letter comes amid heightened concern that hostile nation states like Russia and Iran are seeking to target the U.S. through digital means, particularly ahead of the upcoming midterm elections.

Recently, Director of National Intelligence Dan CoatsDaniel (Dan) Ray CoatsFormer US intel official says Trump would often push back in briefings Hillicon Valley: Amazon to challenge Pentagon cloud contract in court | State antitrust investigation into Google expands | Intel agencies no longer collecting location data without warrant Intelligence agencies have stopped collecting cellphone data without warrants: letter MORE declared that the “warning lights are blinking red again” on Russians attempting to carry out cyberattacks during the midterms.

U.S. intelligence agencies say Kremlin hackers used phishing attacks during the heated 2016 presidential race to target political campaigns. 

In July it was reported that Russian hackers had targeted Sen. Claire McCaskillClaire Conner McCaskillGinsburg health scare raises prospect of election year Supreme Court battle MSNBC's McCaskill: Trump used 'his fat thumbs' to try to intimidate Yovanovitch GOP senator rips into Pelosi at Trump rally: 'It must suck to be that dumb' MORE's (D-Mo.) office with phishing emails.

That report came after special counsel Robert MuellerRobert (Bob) Swan MuellerTrump says he'll release financial records before election, knocks Dems' efforts House impeachment hearings: The witch hunt continues Speier says impeachment inquiry shows 'very strong case of bribery' by Trump MORE indicted 12 Russian intelligence officers in the hacking of the Democratic National Committee in 2016 in charges related to his ongoing probe of Moscow's election interference.