The Department of State has several ongoing issues related to both information security and workforce. At the heart of the issue is State Department’s leadership, according to a Jan. 22 inspector general report detailing the department’s struggles in fiscal 2019.
With facilities across the globe sharing information, the State Department depends on information systems to carry out its work. But, the inspector general found “numerous control weaknesses .... affected program effectiveness and increased the Department’s vulnerability to cyberattacks and threats.”
According to the inspector general, the department hasn’t fully implemented its risk management strategy and has dispersed cybersecurity authorities across the department. The IT leadership structure has prevented the department CIO from being accountable for information security issues.
For example, State’s Bureau of Diplomatic Security, which has some cybersecurity authorities, doesn’t report to State’s CIO, the IG wrote. The IG report adds that the CIO doesn’t have the ability to track and control IT investments.
Meanwhile, the IG noted, some overseas information systems security officers (ISSOs) continued to fail to complete all their information systems security job requirements. This problem was first identified by the inspector general in 2017. The IG also found deficiencies in the department’s IT contingency planning at overseas posts and shortfalls in how the department tests for shortfalls in its IT systems.
For example, the IG found that there “no mechanism in place to communicate identified vulnerabilities to the system owner if a vulnerability was considered significant or required additional resources to remediate.”
“Without a systematic approach to monitoring networks and recording findings, department networks could be breached, and information security compromised,” the IG wrote.
Staffing issues have plagued the agency as well, an challenge made worse by the hiring freeze that was instituted by President Donald Trump and continued for nearly a year and a half.
“OIG’s work finds that staffing gaps, frequent turnover, poor leadership, and inexperienced and undertrained staff frequently contribute to the Department’s other management challenges. Workforce management issues are pervasive, affecting programs and operations domestically and overseas and across functional areas and geographic regions,” the report said.
The freeze not only prevented the agency from bringing on new personnel, but also disrupted training and professional development programs, as heavy workloads and agencywide restrictions on detail assignments prevented such initiatives from moving forward.
The report identified underqualified and inadequately trained staff as an additional problem plaguing the agency.
Filling leadership positions also proved a significant management challenge for the agency, and those positions that were filled faced issues with accountability and adherence to department principles.
“A report on leadership within the Bureau of International Organization Affairs revealed numerous complaints, including allegations of disrespectful and hostile treatment of employees, unmerited accusations of disloyalty, and retaliation based on conflicts of interest,” the report said.
“Many leadership concerns associated with the National Passport Center in New Hampshire were also reported to OIG, prompting a targeted review. Employees reported widespread inappropriate behavior that included allegations of retaliation, such as denying awards, promotions, and special assignments and pursuing meritless disciplinary actions; multiple incidents of sexual and gender-based harassment; and multiple accounts of subtle or blunt intimidation.”
Andrew Eversden covers all things defense technology for C4ISRNET. He previously reported on federal IT and cybersecurity for Federal Times and Fifth Domain, and worked as a congressional reporting fellow for the Texas Tribune. He was also a Washington intern for the Durango Herald. Andrew is a graduate of American University.
Jessie Bur covers federal IT and management.