Tuesday, April 13, 2021

Federal Watchdog investigates cyber security practices of State Department


Vijay A., Director of Information Technology and Cyber ​​Security. “There is a continuous audit of the cyber security practices of the State Department in the Government Accountability Office,” D’Souza said. To be completed in a time bound manner.

The investigation was launched in October 2020 at the request of MPs on the Senate Foreign Relations Committee.

In a March 30 letter to Keith Jones, the State Department’s chief information officer, D’Souza, described the investigation as focusing on the department’s ability to manage hacking risks and to respond to and recover from cyber security incidents . The letter, a copy of which was obtained by CNN, describes how the GAO has struggled to obtain what the documents needed to conduct the evaluation.

D’Souza wrote, “While we have received some requested documents, in many cases, that production has taken more than two months.” “Late [the department] In providing the requested information, it is preventing Congress to complete our work on time. ”

“The department is aware of the recent GAO request and is working to respond,” a State Department spokesman told CNN. POLITICO THI To report first Sing inquiry.
The Biden administration has faced increasing pressure to quickly respond to hacking risks posed by foreign rivals in the wake of high-profile incidents widely affecting the public and private sectors. In December, the revelations a Sophisticated hacking campaign Danger bell rang all over Washington. The campaign, which US officials later said was originally Russian, tied up with SolarWind, an untighting software vendor, with nine federal agencies and dozens of private companies.

Weeks later, Microsoft said it found evidence of a far-reaching security vulnerability in its on-premises Exchange Server software, which affected thousands of systems worldwide.

However unrelated twin incidents have prompted within the US government to assess cybersecurity risks and develop new policies designed to reduce the nation’s cybersecurity. Within weeks, the Biden administration is expected to unveil an executive order that imposes new security requirements on US agencies, such as the use of encryption mandates and multi-factor authentication.

According to Anne Neuberger, deputy national security adviser and top cyber official of the White House, the administration hopes to establish cybersecurity standards for federal software vendors and use the government’s immense purchasing power.

Speaking on Wednesday at an event organized by the Council on Foreign Relations, Neuberger said the White House is considering that there is a kind of National Transportation Security Board for cybersecurity. Such an organization can help review key information security incidents and make a commitment to “say that we will learn from each happening.”

Neuberger said the administration is preparing an initiative to toughen the cyber security of industrial control systems that control electricity, water and other critical infrastructure.

The ensuing push is a high-profile effort against a cyber attack in February water treatment plant in Florida. Although the attack was unsuccessful, it exposed some weaknesses in the infrastructure of America’s utilities.

“We are trying to gain visibility on those networks so that untimely cyber behavior can be detected and inconsistent cyber behavior can be blocked”, Neuberger said. “Today, we can’t rely on those systems because we don’t have visibility into those systems. And we need visibility of those systems because of the significant consequences if they fail or if they degrade.”

.



Source link

Translate »