Bipartisan group of senators urge State to employ basic cybersecurity measures

Bipartisan group of senators urge State to employ basic cybersecurity measures
© Anna Moneymaker

A bipartisan group of senators is pressing the State Department to adopt what they call basic cybersecurity measures and are criticizing the agency for not employing multifactor authentication measures to protect employees against cyberattacks.

Sens. Ron WydenRonald (Ron) Lee WydenHillicon Valley: NYT says Rosenstein wanted to wear wire on Trump | Twitter bug shared some private messages | Vendor put remote-access software on voting machines | Paypal cuts ties with Infowars | Google warned senators about foreign hacks Overnight Health Care: Opioids package nears finish line | Measure to help drug companies draws ire | Maryland ObamaCare rates to drop Google says senators' Gmail accounts targeted by foreign hackers MORE (D-Ore.), Cory GardnerCory Scott GardnerSome employees' personal data revealed in State Department email breach: report Colorado governor sets up federal PAC before potential 2020 campaign Hillicon Valley: Trump signs off on sanctions for election meddlers | Russian hacker pleads guilty over botnet | Reddit bans QAnon forum | FCC delays review of T-Mobile, Sprint merger | EU approves controversial copyright law MORE (R-Colo.), Ed MarkeyEdward (Ed) John MarkeyOvernight Defense: Mattis dismisses talk he may be leaving | Polish president floats 'Fort Trump' | Dem bill would ban low-yield nukes Dems introduce bill to ban low-yield nukes Some employees' personal data revealed in State Department email breach: report MORE (D-Mass.), Rand PaulRandal (Rand) Howard PaulA Senator Gary Johnson could be good not just for Libertarians, but for the Senate too Conservatives left frustrated as Congress passes big spending bills Senate approves 4B spending bill MORE (R-Ky.), and Jeanne ShaheenCynthia (Jeanne) Jeanne ShaheenSome employees' personal data revealed in State Department email breach: report Dems seek ways to block Trump support for Saudi-led coalition in Yemen Hillicon Valley: Trump signs off on sanctions for election meddlers | Russian hacker pleads guilty over botnet | Reddit bans QAnon forum | FCC delays review of T-Mobile, Sprint merger | EU approves controversial copyright law MORE (D-N.H.) on Tuesday sent a letter that urged Secretary of State Mike PompeoMichael (Mike) Richard PompeoRosenstein report gives GOP new ammo against DOJ Pompeo rejects ‘good cop, bad cop’ characterization of Russia strategy Pompeo: 'Enormous mistake' for Iran to blame US, allies for attack on military parade MORE to employ more multifactor authentication measures to secure the agency's information systems.

Multifactor authentication helps protect against phishing attacks that usually aim to steal user data.

ADVERTISEMENT

“We are sure you will agree on the need to protect American diplomacy from cyber attacks, which is why we have such a hard time understanding why the Department of State has not followed the lead of many other agencies and complied with federal law requiring agency use of [multifactor authentication],” the senators wrote to Pompeo.

 “The Department of State’s Inspector General (IG) found last year that 33% of diplomatic missions failed to conduct even the most basic cyber threat management practices, like regular reviews and audits. The IG also noted that experts who tested these systems ‘successfully exploited vulnerabilities in email accounts of Department personnel as well as Department applications and operating systems,’ ” the letter continues.

The lawmakers asked Pompeo what State has done to boost its security after the Office of Management and Budget designated the agency's cyber readiness as “high risk,” how the agency will address the lack of multifactor authentication that is required by law and for statistics that detail the department's cyber incidences over the last three years.

The lawmakers asked Pompeo to answer these questions by Oct. 12.

The letter comes amid heightened concern that hostile nation states like Russia and Iran are seeking to target the U.S. through digital means, particularly ahead of the upcoming midterm elections.

Recently, Director of National Intelligence Dan CoatsDaniel (Dan) Ray CoatsDem lawmakers slam Trump’s declassification of Russia documents as ‘brazen abuse of power’ Nunes: Russia probe documents should be released before election The Hill's Morning Report — Sponsored by Better Medicare Alliance — Cuomo wins and Manafort plea deal MORE declared that the “warning lights are blinking red again” on Russians attempting to carry out cyberattacks during the midterms.

U.S. intelligence agencies say Kremlin hackers used phishing attacks during the heated 2016 presidential race to target political campaigns. 

In July it was reported that Russian hackers had targeted Sen. Claire McCaskillClaire Conner McCaskillNelson campaign to donate K from Al Franken group to charity 'Kavanaugh' chants erupt at Trump rally in Missouri The Hill's Morning Report — Sponsored by United Against Nuclear Iran — Kavanaugh, accuser say they’re prepared to testify MORE's (D-Mo.) office with phishing emails.

That report came after special counsel Robert MuellerRobert Swan MuellerSasse: US should applaud choice of Mueller to lead Russia probe MORE indicted 12 Russian intelligence officers in the hacking of the Democratic National Committee in 2016 in charges related to his ongoing probe of Moscow's election interference.