When it comes to fending off a Cyber-attack, Corporate America is heavily dependent upon the availability and knowledge of Cyber security experts in order to fortify its own lines of defense. But when it comes to strengthening our own national borders, that is where we depend upon the Federal Government and the current Presidential Administration we have on hand.
So far, I give Trump mixed reviews on how he has handled the state of affairs on Cyber security for this country. Yes, he has signed some key legislation on this topic, such as giving small businesses much more access, at an affordable price (or even for free), to Cyber security consulting firms.
This new piece of legislation even offers Federal Government assistance as well to these entities.
But when it comes to securing our own borders from Cyber attackers, I think Trump has failed miserably. Examples of this include his inability to appoint a national “Cyber Security Czar”, and his constant theme of building a wall on the US-Mexican border.
It is also a well-known fact that the Federal Government itself and all of the agencies have even poorer levels of Security themselves.
This was just revealed by five leading Senators today. In their memo, they indicated that the State Department is breaking the law by not using Two Factor Authentication (2FA) for both the internal and external E-Mails that it sends out.
This particular memo was directed to the Secretary of State, Mike Pompeo, and they have demanded answers to come forth immediately.
The Senators who sent this memo are as follows:
The General Services Administration (GSA) supported this letter as well. It also conducted an internal audit at the State Department, which found that 2FA-related technologies have been deployed across just 11% of its entire IT Infrastructure.
In fact, implementing 2FA is not just an option; it is a legal requirement under the Federal Cybersecurity Enhancement Act of 2016. More details about this legislation can be seen at this link:
However, this is not the only Security failing that the State Department has been blamed for. They have been accused as well of having extremely poor “Cyber Hygiene” by not conducting regular audits and reviews of the log files that reside on both their Database and E-Mail servers.
Worse yet, Penetration Testing teams (which include both Red and Blue teams) were also able to hack into E-Mail accounts and Server Operating Systems.
These five Senators have demanded from Mike Pompeo that they get answers to all of their questions by October 12th. Specifically, they want to know what actions have been taken or are currently being planned in order to bring down the State Department’s current ranking of “High Risk” to a much more acceptable level.
They also want immediate answers on what is going to be done to quickly implement 2FA technologies across all of its servers, workstations, and wireless devices.
My thoughts on this?
I am not at all surprised by this. I have to admit that the Federal Government on one side of the coin is trying to fortify our own national borders in terms of Cyber security, but on the other side, it is failing miserably to secure its own perimeters. So, in the end, what good is it for the Federal Government to claim to have strong national borders when it is, in and of itself, a prime target for a Cyber attacker?
It makes no sense at all to me. Implementing 2FA should be a relatively easy task to do, and can be done quickly. These solutions are rather simple to deploy; all we are talking about here are software packages and perhaps either basic Fingerprint or Iris Recognition devices (if Biometrics is being used as one of the layers of defense).
In fact, it is not just the State Department that is deemed to be at “High Risk”; there are also 96 other Federal Government agencies that have this ranking as well.
So, to Mr. Trump, you may still chant “Lock Her Up” at Hillary Clinton over her E-Mail fiasco when she was Secretary of State, and you may blame Obama all you want for the lack of Cyber security that you yet seem to fail to mandate.
I am not endorsing any political person, but at least Obama was aware of what 2FA is, and how important it is for the Federal Government agencies to implement it. During his term, he announced and even implemented a few 2FA initiatives, such as the “National 2FA Awareness Campaign”.
What is it going to take to get Trump and his current Administration to finally wake up and start to realize the extremely severe Security shortcomings of the Federal Government?
Another 9/11 type of attack? God, I hope not.