State IG finds lack of IT contingency plans overseas

More than two-thirds of overseas diplomatic posts reviewed by the State Department inspector general had "deficiencies" in contingency plans for their IT operations in fiscal years 2014 and 2015.

Consulates and embassies are expected to be able to restore connectivity in the event of disruptive events such as network intrusions or inclement weather. But the IG found a range of issues with 20 of the 29 posts it reviewed. Some staff at foreign posts were not developing, updating or testing IT contingency plans, and some plans lacked key contact information for emergencies, contrary to Foreign Affairs Manual requirements.

The U.S. embassy in Mexico City had to rely on IT contingency plans after Mexico was hit by a hurricane in September 2014, according the report. The embassy's study of the episode "noted that attention needed to be placed on ensuring that key personnel were included in IT contingency plan testing exercises,"

The report advises State to make IT contingency planning an explicit responsibility in work requirements. The IG's review of evaluation reports for senior IT personnel at embassies and consulates found that only 12 percent of those reviewed "had a stated work requirement to develop and test IT contingency plans."

This is not the first time the agency's IG has flagged slack IT contingency plans. The IG sent a 2011 memo to State's Bureau of Information Resource Management on the issue. In response, the bureau said it was planning to implement a tracking mechanism and create a SharePoint site for compliance monitoring, according to the IG report. Four years later, however, those promises remained unfulfilled.