The Department of State (DS) Foreign Affairs Cybersecurity Center (FACC) is working with the Bureau of Information Resource Management (IRM) to create a joint office for cybersecurity.
The FACC, a branch of the State Department in Beltsville, Md., works to understand cyber threats in the entire foreign affairs community. The office grew from a cyber-monitoring center to the central office for cyber issues in foreign affairs over the past two decades. The FACC takes recommendations from the Department of Homeland Security and the National Security Agency to continue to grow in order to respond to threats and vulnerabilities.
“We are very excited that, in the near future, IRM staff will be working at the FACC, creating a joint Security Operations Center for the department,” Mary Stone Holland, director of the Office of Cybersecurity at the State Department, said in a blog post. “This close partnership will result in real-time collaboration and more efficient operational remediation.”
The State Department’s cybersecurity team is responsible for 100,000 users worldwide at 27 embassies and 190 consulates. The State Department uses a “defense-in-depth” approach to use analytics, tools, and operational programs to find security holes and patch them.
“The defense-in-depth approach enables us to maximize the full gamut of DS expertise…to quickly detect, react, respond to, and mitigate security issues that may jeopardize the department’s diplomatic mission,” Holland said. “It has to be a team effort because our cyber protection surface is expanding rapidly.”
The Office of Cybersecurity has expanded its policies in order to include mobile computing, cloud computing, and social media use. The office handles awareness of cybersecurity issues, network intrusion detection, compliance verification, vulnerability assessment, penetration testing, incident handling, threat analysis, and the Regional Computer Security Officer program.
Even though the Department of State’s cybersecurity team has grown over the past 20 years, the agency relies mostly on users to protect their systems.
The Office of Cybersecurity at the State Department conducts training programs, briefings, and emails, which give users tips on how to remain secure online. This year, the State Department is working with the IRM and DHS to spread information about how to protect critical online infrastructure during Cybersecurity Awareness Month.
“While this monthlong campaign aims to highlight online safety tips, users should practice these habits all year long as well,” Holland said.