The Foreign Service Journal, December 2005

A Complex Threat Indeed, there appears to be no letup in the volume of cyber- threats facing the State Depart- ment. According to an August 2005 press briefing, State had already blocked approximately 3.8 million computer viruses so far this year. But while the depart- ment’s arsenal of cybersecurity technologies and practices — fire- walls, anti-virus software, patch management and the like — have helped to fend off electronic attacks, significant ques- tions persist regarding the effectiveness of its overall cybersecurity posture. There is certainly no lack of awareness about the mag- nitude of the threat. As far back as 1998, a Govern- ment Accountability Office report found that “State’s information systems and the information contained with- in them are vulnerable to access, change, disclosure, disruption or even denial of services [attacks] by unauthorized individuals.” But six years later, in a 2004 cybersecurity report card for 24 fed- eral agencies, the Government Reform Committee — a key over- sight committee of the U.S. House of Representatives — gave the State Department a “D+” for cybersecurity. Though it repre- sents an improvement over the “F” the department received in 2003, the low score suggests that it is having trouble implementing the cybersecurity mandates of the Federal Information Security Management Act. Passed as part of the E-Government Act of 2002, FISMA builds upon prior federal law and requires agencies to implement policies and procedures covering a range of cybersecurity issues. F O C U S D E C E M B E R 2 0 0 5 / F O R E I G N S E R V I C E J O U R N A L 45 According to an August 2005 press briefing, State had already blocked approximately 3.8 million computer viruses so far this year.