"This report reads like a what-not-to-do list from every policy, program, and contracting perspective."
The State Department has plenty of important secrets—classified cables, foreign policy directives, embassy plans, and more. It also has a department (with a nine-word name) responsible for protecting those secrets from hackers: the Bureau of Information Resource Management's Office of Information Assurance. Yet according to an unusually scathing new report from the State Department's inspector general, this "lead office" for cybersecurity is so dysfunctional and technologically out-of-date that Foggy Bottom may be open to cyberattack.
The IG's audit of the cybersecurity office, which took place earlier this year, concluded that the office "wastes personnel resources," is unequipped to monitor $79 million in contracts, "has no mission statement," and "is not doing enough and is potentially leaving Department systems vulnerable." The report notes that department employees usually cannot find the head of the bureau because he's often not in the office, and as a result, they don't know what their work priorities are. The IG report notes that because of these problems, other parts of the department have to pick up the slack.
"This report reads like a what-not-to-do list from every policy, program, and contracting perspective," says Scott Amey, the general counsel for the Project On Government Oversight, a nonprofit watchdog group where I used to work. "With stories about foreign entities hacking US government systems and questions about non-authorized access to classified information, this latest IG report causes major concerns about the State Department’s ability to protect government systems."
For the rest of the story: http://www.motherjones.com/politics/2013/07/state-departments-anti-hacking-office-total-mess