Vijay A., Director of Information Technology and Cyber Security. “There is a continuous audit of the cyber security practices of the State Department in the Government Accountability Office,” D’Souza said. To be completed in a time bound manner.
The investigation was launched in October 2020 at the request of lawmakers on the Senate Foreign Relations Committee.
In a March 30 letter to Keith Jones, the State Department’s chief information officer, D’Souza described the investigation as focusing on the department’s ability to manage hacking risks and to respond to and recover from cyber security incidents. The letter, a copy of which was obtained by CNN, describes how the GAO has struggled to obtain the documents needed to conduct the evaluation.
D’Souza wrote, “While we have received some requested documents, in many cases, that production has taken more than two months.” “Late [the department] in providing the requested information, it is preventing Congress from completing our work on time.”
Weeks later, Microsoft said it found evidence of a far-reaching security vulnerability in its on-premises Exchange Server software, which affected thousands of systems worldwide.
The twin incidents, however unrelated, have prompted efforts within the US government to assess cybersecurity risks and develop new policies designed to reduce the nation’s cybersecurity risk. Within weeks, the Biden administration is expected to unveil an executive order that imposes new security requirements on US agencies, such as the mandated use of encryption and multi-factor authentication.
According to Anne Neuberger, deputy national security adviser and top cyber official of the White House, the administration hopes to establish cybersecurity standards for federal software vendors and use the government’s immense purchasing power.
Speaking on Wednesday at an event organized by the Council on Foreign Relations, Neuberger said the White House is considering establishing a kind of National Transportation Security Board for cybersecurity. Such an organization can help review key information security incidents and make a commitment to “say that we will learn from each happening.”
Neuberger said the administration is preparing an initiative to toughen the cyber security of industrial control systems that control electricity, water and other critical infrastructure.
“We are trying to gain visibility on those networks so that untimely cyber behavior can be detected and inconsistent cyber behavior can be blocked,” Neuberger said. “Today, we can’t rely on those systems because we don’t have visibility into those systems. And we need visibility of those systems because of the significant consequences if they fail or if they degrade.”