Justin Bullock, FISM News
The US State Department was the target of a substantial cyberattack in recent weeks according to Fox News reporter Jacqui Heinrich via Twitter. The State Department released a statement saying that,
The Department takes seriously its responsibility to safeguard its information and continuously takes steps to ensure information is protected. For security reasons, we are not in a position to discuss the nature or scope of any alleged cybersecurity incidents at this time.
The State Department went on to say that their normal operations or critical involvement with the situation and evacuation in Afghanistan have not been impacted.
The State Department has been hit by a cyber attack, and notifications of a possible serious breach were made by the Department of Defense Cyber Command.
— Jacqui Heinrich (@JacquiHeinrich) August 21, 2021
This report comes after the State Department received an abysmal grade of “D,” the lowest grading possible, after a congressional audit on the State Department’s information security systems. The Committee on Homeland Security and Governmental Affairs for the US Senate published a staff report this month where they stated,
In June 2019, the Permanent Subcommittee on Investigations (Subcommittee) issued a bipartisan report title: Federal Cybersecurity: America’s Data at Risk (the 2019 Report). That report highlighted systemic failures of eight key Federal agencies to comply with Federal cybersecurity standards identified by agencies’ inspectors general. The 2019 Report documented how none of these eight agencies met basic cybersecurity standards and protocols, including properly protecting Americans’ personally identifiable information (PII); maintaining a list of the equipment and programs on agency networks; and promptly installing security patches to remediate vulnerabilities that hackers could exploit. The 2019 Report also highlighted that all eight agencies were operating legacy computer systems, which are costly to maintain and difficult to secure. Based on these findings, the Subcommittee determined that these eight Federal agencies were failing to protect the sensitive data they stored and maintained. This report revisits those same eight agencies two years later. What this report finds is stark. Inspectors general identified many of the same issue that have plagued Federal agencies for more than a decade. Seven agencies made minimal improvements, and only DHS managed to employ an effective cybersecurity regime for 2020. As such, this report finds that these seven Federal agencies still have not met the basic cybersecurity standards necessary to protect America’s sensitive data.