Now the White House policy is hitting the State Department’s ability to keep secrets from our enemies.
Weeks before the State Department’s Nov 16 shutdown of its unclassified email system in the face of unprecedented hacking attacks, auditors took the department’s management to task for ignoring warnings about their lax security habits and chronic failure to enact protections against high-tech intruders.
The situation was so bad, the auditors say in a highly censored report, that they “identified control deficiencies across a total of 102 different systems reviewed over five years, yet many of the same deficiencies have persisted.”
State’s leadership, though, claims it’s no big deal, and certainly not as bad as the auditors say.
The State’s bureaucracy disputes the audit’s finding that State’s info-tech weaknesses amount to a “significant deficiency” in its security….
And anyway, according to State’s Chief Information Officer Steven Taylor,
[W]e have created a foundation for correcting several existing weaknesses and an ability to address new issues as they arise.
Talking about talking. Never mind that the auditors noted that
OIG [State’s Office of the Inspector General] has reported deficiencies related to risk management since its FY 2010 audit. Many of the same deficiencies remained uncorrected in FY 2014.
And
[W]e identified control deficiencies across a total of 102 different systems reviewed over 5 years, yet many of the same deficiencies have persisted.
These all are highly intelligent people, professionals in their field, who surely know what they’re doing—and not doing. I have to wonder about the motivations behind their decision to talk, but not act.