A bipartisan group of Senators want the State Department to adopt what they refer to as basic cybersecurity measures to protect against phishing, hacks and other cyberattacks, in a letter released today.

Sens. Ron Wyden, D-Ore., Cory Gardner, R-Colo., Ed Markey, D-Mass., Rand Paul, R-Ky., and Sen. Jeanne Shaheen, D-N.H., in their letter stated this is in reaction to multiple reports from outside auditors highlighting the department’s failure to adopt measures like multifactor authentication and regular security audits which are mandated by the Federal Cybersecurity Enhancement Act,

The bipartisan group of five senators raised their concerns in a joint letter to Secretary of State Mike Pompeo.

“The Department of State’s Inspector General (IG) found last year that 33% of diplomatic missions failed to conduct even the most basic cyber threat management practices, like regular reviews and audits.  The IG also noted that experts who tested these systems ‘successfully exploited vulnerabilities in email accounts of Department personnel as well as Department applications and operating systems,’” the senators wrote.

The senators asked for responses to the following three questions by October 12.

  • What actions has the Department of State taken in response to the OMB’s designation of the Department of State’s cyber readiness as “high risk”?
  • What actions has the Department of State taken to rectify the near total absence of multifactor authentication systems for accounts with elevated privileges accessing the agency’s network, as required by federal law?
  • Statistics for each of the past three years, detailing the number of cyberattacks against Department of State systems located abroad.