IG report highlights IT shortfalls at State

The State Department spent about $1.4 billion on IT this year. Yet a number of cybersecurity incidents show shortfalls in its efforts to protect its computer networks, the Office of Inspector General said in its semiannual report to Congress.

"Malicious actors exploited vulnerabilities, potentially compromising sensitive information and significant downtime to normal business operations," the report states.

It covers the OIG's oversight activities for the State Department and the Broadcasting Board of Governors from April 1 to Sept. 30 of this year. The IG sought to highlight challenges and provide recommendations.

According to the inspectors, 11 U.S. overseas missions and one domestic bureau had information security and management deficiencies. They said they also found "significant program challenges with the department's security program for wireless networks."

Furthermore, information systems security officers do not "perform their duties adequately," and that failure "leaves a system vulnerable to a wide range of threats, such as spear-phishing attacks," according to the report.

The OIG issued more than 42 recommendations to fix issues related to IT management, cybersecurity, access controls, configuration management and encryption.

One challenge for the State Department appears to be related to IT contingency planning. In six inspections of overseas missions, the auditors found numerous problems.

"Instability in many regions of the world and recent attacks and threats against the department's personnel and diplomatic facilities demonstrate the need for contingency planning and readiness to respond to crises in order to maintain communications and continuity of business operations," the report states.

For example, the OIG recommended that the U.S. embassy in Baghdad create a tracking system to record and monitor the location and condition of loaned personal property. The report notes that the embassy has taken some action on this but did not agree with the recommendations.

Auditors also found problems with security at U.S. diplomatic facilities overseas, weaknesses in oversight of humanitarian funds given to other countries, and deficiencies in contract and grant management.