In a report by the Office of Inspector General (OIG) for the Department of State that identifies the most significant management and performance challenges, the OIG found information security and management as one of those seven challenges.
The OIG did acknowledge that State had made improvements to its information security program and has taken steps to address concerns regarding serious threats that can exploit and compromise sensitive information, but OIG said it “continues to identify significant issues that put Department information at risk.”
The report, conducted in accordance with the Reports Consolidation Act of 2000, finds that numerous control weaknesses affecting the information security programs effectiveness and increased vulnerability to cyberattacks continue to be a persistent issue.
“Specifically, an FY 2020 audit found that the Department lacked a fully mature organization-wide information security program based on evidence of security weaknesses identified in all eight areas of focus, including risk management, continuous monitoring, and contingency planning,” the report said.
User access controls were also identified as another cybersecurity issue found through OIG FY2020 work. OIG found that the Foreign Service Institute (FSI) grants wireless internet access to any on-campus user who accepts the Terms and Use Agreement on its opening login page. This makes it so FSI can’t determine who made particular connections since its access controls do not require users to take steps to identify themselves prior to the start of the wireless session.
Further, OIG stated in the report that it found records management deficiencies throughout FY2020. “The lack of an effective records management program could result in the loss of important data for historical insight into policy analysis, decision-making, and archival research,” OIG said.
To improve information and security management, State expanded its cyber risk framework, including FSI working with the Bureau of Information Resource Management to implement additional Wi-Fi security access protocols to mitigate potential misuse of the FSI network.
“The Department continues to deliver analytics products for assessing Department challenges and are enhancing data and analytics capacity, fostering a culture of data governance, and modernizing our technical infrastructure to support data and analytics,” State said in the report.