Thursday, April 8, 2021

Federal Watchdog Investigating State Department Cybersecurity Practices

An Independent Government Watchdog is conducting a wide-ranging Probe into the State Department's Cybersecurity Practices, including how it Manages and Responds to Cyber Threats, the Investigating office confirmed on Thursday.

The Government Accountability Office (GAO) "does have an ongoing audit of the State Department's cybersecurity practices," Director for Information Technology and Cybersecurity, Vijay A. D'Souza, said, adding that he has been in Contact with the Department and is "optimistic" the Investigation will be completed in a timely manner.

The Investigation was launched, in October 2020, at the Request of Lawmakers on the Senate Foreign Relations Committee.

In a March 30th 2021, letter to Keith Jones, the State Department's Chief Information Officer, D'Souza described the Investigation as being focused on the Department's Capacity for Managing Hacking Risks and Responding to and Recovering from Cybersecurity Incidents. The letter Outlines how the GAO has Struggled to obtain what it said were the necessary Documents for conducting the Assessment.

"While we have received some of the requested documents, in many cases, that production has taken over two months," D'Souza wrote. "The delays by [the department] in providing the requested information are preventing our carrying out our work for the Congress in a timely manner."

"The Department is aware of the recent GAO request and is working to respond," a State Department Spokesperson said.

The Biden Administration has faced mounting Pressure to respond Quickly to the Hacking Risks posed by Foreign Adversaries, in the wake of High-Profile Incidents that widely affected the Public and Private Sectors.

In December 2020, revelations of a Sophisticated Hacking Campaign set off Alarm Bells across Washington. That Campaign, which U.S. Officials later said was likely Russian in origin, Compromised Nine Federal Agencies and Dozens of Private Companies through an Unwitting Software Vendor, SolarWinds. So,e Businesses had be Hacked before they Loaded SolarWinds.

Weeks later, Microsoft said it found Evidence of a far-reaching Security Vulnerability in its On-Premises Exchange Server Software, which affected Tens of Thousands of Systems around the world.

The twin Incidents, though Unrelated, have prompted a Scramble within the U.S. Government to assess Cybersecurity Risks and to Develop New Policies designed to Shore-Up the Country's Cyber Defenses. Within weeks, the Biden Administration is expected to Unveil an Executive Order that imposes New Security Requirements on U.S. Agencies, such as Encryption Mandates and the use of Multi-Factor Authentication.

The Administration is also expected to establish Cybersecurity Standards for Federal Software Vendors and use the Government's immense Procurement Power to Reshape the Software Market to Prioritize Network Security, according to Anne Neuberger, Deputy National Security Adviser and the White House's Top Cyber Official.

Speaking, on Wednesday, at an Event hosted by the Council on Foreign Relations, Neuberger said another idea the White House is considering is a kind of National Transportation Safety Board for Cybersecurity. Such an Organization could help Review Major Information Security Incidents and to "make that commitment to say we will learn from each thing that occurs."

Neuberger added the Administration is preparing an Initiative to Harden the Cybersecurity of Industrial Control Systems that Govern Power, Water, and other Critical Infrastructure.

The coming push follows a High-Profile attempted Cyberattack in February 2021 against a Water Treatment Plant in Florida. Though the Attack was Unsuccessful, it Highlighted some of the Weaknesses in America's Utilities Infrastructure.

"We're seeking to have visibility on those networks to detect anomalous cyber behavior and to block anomalous cyber behavior," Neuberger said. "Today, we cannot trust those systems because we don't have the visibility into those systems. And we need the visibility of those systems because of the significant consequences if they fail or if they degrade."

NYC Wins When Everyone Can Vote! Michael H. Drucker

No comments: