Senators Want Cybersecurity Answers from State

News  |  Sep 13, 2018

The State Department is failing to meet basic federal standards for cybersecurity on most of its devices, and a bipartisan group of senators wants to know why. They are giving Secretary of State Mike Pompeo one month to respond with answers.

CNN:

The lawmakers sent a letter to Pompeo on Tuesday citing a General Services Administration report that found the State Department has deployed only "enhanced access controls," such as multi-factor authentication, or multiple steps to log in, across "11% of required agency devices." 

The letter also referenced findings by the State Department inspector general, who found in 2017 "that 33% of diplomatic missions failed to conduct the most basic cyber threat management practices, like regular reviews and audits."

"We are sure you will agree on the need to protect American diplomacy from cyberattacks, which is why we have such a hard time understanding why the Department of State has not followed the lead of many other agencies and complied with federal law requiring the use of MFA (multi-factor authentication)," read the letter from Democratic Sens. Ron Wyden of Oregon, Ed Markey of Massachusetts and Jeanne Shaheen of New Hampshire and their Republican colleagues Sens. Cory Gardner of Colorado and Rand Paul of Kentucky.

(...)

Multi-factor or two-factor authentication usually requires users to enter a separate code after they enter their passwords when logging in to their email or social media accounts. The code is usually texted to the user or accessed through a mobile phone app.

The additional security step is offered by major tech giants including Google, Facebook and Twitter, and is designed to prevent a hack even if a user's password has been stolen. 

As the midterm elections approach, some political campaigns and state election officials are using two-factor authentication in an attempt to avoid a repeat of the widespread Russian hacking seen in 2016.

(...)

The Democratic National Committee, which itself was allegedly successfully targeted by Russian hackers, according to a recent indictment from special counsel Robert Mueller's team, has advised candidates to use multi-factor authentication.

Read the letter

Senators quiz Pompeo on State Department's cybersecurity failures (CNN)