October 19, 2015

REPORT: Clinton’s State Department A Cybersecurity Risk

This week, Hillary Clinton’s team is attempting to portray their candidate as a strong leader, but that messaging is getting tripped up by a new Associated Press report about her poor judgment heading up State. The report shows Clinton’s State Department “was among the worst agencies in the federal government at protecting its computer networks…”

The State Department’s compliance with federal cybersecurity standards was below average when Clinton took over but grew worse in each year of her tenure, according to an annual report card compiled by the White House based on audits by agency watchdogs. Network security continued to slip after Kerry replaced Clinton in February 2013, and remains substandard, according to the State Department inspector general.

State scored a 42 out of 100 on the federal government’s latest cybersecurity report card, earning far lower marks than the Office of Personnel Management, which suffered a devastating breach last year.

This is not the first warning about the lack of security in Clinton’s State Department. As BuzzFeed reported in 2013, the Department’s new information management system, SMART, exposed sensitive information with no security protocols in place:

“The issues were, from a technical and security perspective, basic: The system left workstations and servers unsecured; relied on unencrypted transfer of secret materials during the migration to SMART; and at times mingled classified and unclassified materials, contra State Department regulations, according to the sources and documents.”

Clinton did not have a permanent Inspector General (IG) at the State Department during the duration of her time there, but months after she left office, an IG was appointed and found persistent problems.