State Department system containing classified, personal information still riddled with security gaps

EXCLUSIVE: More than three years after U.S. Army Pvt. Bradley Manning handed over hundreds of thousands of sensitive State Department cables to WikiLeaks, the departments inspector general has warned in stark terms that State has done little since 2010 to fix an info-tech system that is riddled with security gaps, and has no plan yet for how to fix it.

At risk, the IG says, is not onlyclassified information vital to the preservation of national security in high-risk environments across the globe,but the personal information on file concerning about 192 million American passport-holders.

The public version of the inspector generals accusations -- contained in an unprecedented management alert to States top officials and in the managerial responses to the alert -- have been heavily redacted for security reasons.

The alert was circulated in the State Department bureaucracy in November. After a back-and-forth process between department managers and the IGs office, it became accessible to outsiders in mid-January.

CLICK HERE FOR THE ALERT

The problems it describes, however, have been festering far longer than that. Among other things, the alert says that:

-- between 2011 and 2013 alone, six lengthy and detailed reports on information security (five by States inspector generals office, and one by the Government Accountability Office) have found recurring weaknesses in a wide variety of cyber-security issues, including how State hands out and keeps track of passwords; certifies whether information systems are authorized to operate securely; protects its hardware, files and operating systems from hackers or other unauthorized users; and how it scans its systems to detect wayward patterns of behavior.

--In most cases, despite repeated warnings, State Department bureaucrats have not formally reported the shortcomings to other federal agencies, including Homeland Security, though the inspector generalargues it is obligated to do so.

--Nor, the watchdog says, has the department remediated the identified vulnerabilities and risks. Translation: it hasnt done anywhere near enough to fix things, and, in some cases, nothing at all.

--One reason is that portions of the bureaucracy that are specifically tasked with handling information security issues have already been identified by the inspector generals office as part of the problem. Among other things, the alert references a previous IG report on the Bureau of Information Resource Management (IRM), a section of the State Department, where, the alert delicately says, it identified a number of conditions that required managements attention.

See the original post:
State Department system containing classified, personal information still riddled with security gaps