"This report reads like a what-not-to-do list from every policy, program, and contracting perspective."
The State Department has
plenty of important secrets—classified cables, foreign policy
directives, embassy plans, and more. It also has a department (with a
nine-word name) responsible for protecting those secrets from hackers:
the Bureau of Information Resource Management's Office of Information
Assurance. Yet according to an unusually scathing new report
from the State Department's inspector general, this "lead office" for
cybersecurity is so dysfunctional and technologically out-of-date that
Foggy Bottom may be open to cyberattack.
The IG's audit of the cybersecurity office, which took place earlier
this year, concluded that the office "wastes personnel resources," is
unequipped to monitor $79 million in contracts, "has no mission
statement," and "is not doing enough and is potentially leaving
Department systems vulnerable." The report notes that department
employees usually cannot find the head of the bureau because he's often
not in the office, and as a result, they don't know what their work
priorities are. The IG report notes that because of these problems,
other parts of the department have to pick up the slack.
"This report reads like a what-not-to-do list from every policy,
program, and contracting perspective," says Scott Amey, the general
counsel for the Project On Government Oversight, a nonprofit watchdog
group where I used to work. "With stories about foreign entities hacking
US government systems and questions about non-authorized access to
classified information, this latest IG report causes major concerns
about the State Department’s ability to protect government systems."
For the rest of the story: http://www.motherjones.com/politics/2013/07/state-departments-anti-hacking-office-total-mess
No comments:
Post a Comment