“In its latest look at how the State Department manages itself, the Government Accountability Office found State has made a lot of progress against a long list of recommendations. But a few biggies, like embassy construction and cybersecurity, still need some real attention. Joining Federal Drive with Tom Temin for the rundown was the GAO’s Director of International Affairs and Trade Issues, Jason Bair…”
“Tom Temin: Okay. And I wanted to zero in on cybersecurity. That seems to be the federal topic of the day. It’s the one area where the new, for example, budget proposal from the Biden administration has a lot of detail because it’s kind of vague in some other areas., but it’s pretty clear about cybersecurity. What is State Department’s bouquet of issues that they need to deal with with respect to cyber?
Jason Bair: Yeah, so Tom, you’re totally right. I mean, this is kind of the issue of the day. And frankly, it’s not just a federal issue, the private sector, individuals, federal government, and especially the State Department face a whole variety of cybersecurity threats, and we’re on record as saying the entire government really needs to have an implemented national cybersecurity strategy. With specific regard to the State Department, we’ve honed in on three specific areas. The first is really focused on kind of a workforce issue, because as much as we think about cybersecurity as a technical capabilities issue, there’s a really critical human capital component too, and we think they need to have the data and information available to them about what their cybersecurity workforce looks like so that they can identify gaps and make sure that they’re putting in place the workforce that they need. The second is doing a better job of integrating enterprise risk management, which is kind of the broad look at what’s the set of risks that an agency faces into the cybersecurity risks and getting those cybersecurity risks documented as an important part of that process. Because of course, we all clearly see that when you have a cybersecurity incident, it can impact your ability to perform your mission. The third and probably most recent area that we’ve honed in on here is the State Department understands and acknowledges that moving forward, it’s going to be important to have international norms on things like cybersecurity and emerging technologies. And so they embarked on a plan to develop a brand new bureau within the State Department that would focus on those issues. And while they do coordinate with other agency partners on these issues, what we found was that they didn’t do a good job of engaging with those partners, whether they be in the law enforcement community or on the technical side of things, to make sure that they got their input on what this new bureau needed to have in terms of capabilities, and how they needed to be organized. And without doing that, they did put themselves at risk for unnecessary duplication or fragmentation potentially of work…” Read the full interview here.
Source: State Department has work to do in terms of embassy construction, cybersecurity – By Tom Temin, June 9, 2021. Federal News Network.