State Dept. cybersecurity still lagging, audit finds
November 20, 2015
The State Department is not meeting federal information security requirements, potentially endangering the sensitive data it protects, according to an audit commissioned by the agency’s inspector general.
Released Friday, the report credited the State Department for making significant improvements over the last few years. But auditors said they “continued to find that the agency was not in compliance” with numerous government standards.
The investigators blamed the lack of authority given to the chief information officer (CIO) as a major reason for the shortcomings. For instance, the department's various bureaus and offices do not have to relay cybersecurity shortcomings to the CIO, making it difficult to secure the entire network.
“The CIO is not properly positioned within the organization to ensure that the Department’s information security program is effective,” said the heavily redacted report, conducted by law firm Williams Adley & Company.
The State Department’s cybersecurity has been under scrutiny in recent months, after it was revealed that former Secretary of State Hillary Clinton exclusively used a personal email server during her time leading the agency.
Cybersecurity experts have unanimously insisted Clinton’s email setup could never compete with the State Department’s security, even with its deficiencies.