U.S. embassies abroad are vulnerable to hacking by cyber adversaries interested in snooping on U.S. foreign policymaking, according to two watchdog reports out late this week.
A Thursday report from the Government Accountability Office found that about one-quarter of State Department telecommunications device and software suppliers have supply chains that runs through China—and one supplier located in Russia.
That raises the specter of a major U.S. adversary implanting spying tools on embassy networks.
» Get the best federal technology news and ideas delivered right to your inbox. Sign up here.
None of those suppliers had extensive ties to the Chinese or Russian military or intelligence services, however, and none was heavily indebted to those nation’s governments.
A GAO review of State’s telecom contract winners found roughly 4 percent had Chinese suppliers. None had suppliers from Russia or other nations the U.S. considers a cyber threat.
While some telecoms manufacturers contract directly with the government to supply goods and services, telecom and other contracts are often managed by third parties that are specially organized to comply with rigorous government contracting guidelines.
The GAO findings were based on studying 52 out of 111 device manufacturers and software developers that support State’s “critical telecommunications capabilities” and 100 of the department’s telecom contract awardees that were randomly selected.
A separate report from the State Department’s inspector general released Friday found embassies frequently ignored cybersecurity shortfalls pointed out by their diplomatic security staff and found there was no standard process to force embassies to follow security officers’ recommendations.
Out of 50 times the IG inspected overseas posts for cyber vulnerabilities between 2014 and 2017, there were 18 instances in which a diplomatic security officer had already made the same recommendation, the report found.
U.S. embassy staff communicate regularly with their State Department counterparts about national and regional political and economic issues. Intercepting those communications would be highly valuable to an adversary such as China that’s interested in competing with the U.S. on a global scale.