A senior State Department official admitted before Congress on Tuesday that its networks have been subjected to malicious hack attacks that have affected the department, according to testimony offered before a Senate Foreign Relations Subcommittee.
While discussing critical issues the State Department faces, Inspector General Steve Linick revealed the agency’s critical networks have faced attacks from hackers and other cyber criminals.
The attacks have affected Linick's ability to perform oversight work since it shares a network with the State Department, he said, following questions from subcommittee chairman Sen. David Perdue (R., Ga.).
"Do you have evidence that the State Department’s network has been attacked, and does that affect you guys?" Perdue asked Linick.
"There is evidence it has been attacked, and it has affected us," Linick said, though he declined to outline specific issues and instances. "I can’t really go into details because of the nature of the information."
Perdue told the Washington Free Beacon that Linick's admissions have prompted questions about how the State Department handles security over its networks.
"Clearly, this is very concerning and I think it raises questions about how vulnerable the State Department’s networks are both internally and externally to future attacks," Perdue said. "My focus is really on making sure the IG can conduct adequate oversight—and that cannot happen if the State Department and its investigation arm are not secure."
When pressed for further details about the steps the State Department and IG are taking to protect the network and preserve its independent oversight role, Linick said more action must be taken.
"To the extent that the Department suffers from attacks—we suffer from attacks because we’re on the same network," Linick said. "We’ve taken a number of steps since I’ve been in office. First of all, we’ve asked the Department to agree not to come on to our system without asking permission."
However, because the State Department controls the IG’s network access, officials could enter the IG’s system any time they please.
This could impede and complicate oversight work performed by the IG, which is supposed to remain independent from the agency it oversees.
"We’ve gotten that agreement from the Department" that it will not enter the IG’s network without permission, Linick said. "But we need more than that. Because right now, we’re sort of in a gated community, if you will, where we rent our IT system and the IT folks at the Department have the keys to our IT system."
"So they really have unfettered access to the system. If they wanted to, they could read, modify, delete any of our work," Linick said.
Separately, any attacks by hackers on the State Department’s networks could interfere with and compromise work done by the IG.
Linick said the IG’s reliance on the State Department for its critical networks impedes his work and need for total independence from those he oversees.
"We really need to be independent from the Department," Linick told Perdue. "We have a lot of sensitive information on our network. So I would say those two things would be on the top of my list."
The State Department also has been slow in telling the IG about serious criminal misconduct.
A key issue "is our [lack of] ability to get early notification of misconduct involving serious or criminal activity, and our ability to investigate that, at least decide whether we are going to investigate that, and return it back to the Department," he said. "So that’s our number one issue."
The State Department did not respond to requests for further information on the attacks.