The target is a busy employee working high-profile trade or economic issues. The bait is a cleverly forged email carrying what looks like important research or scheduling information. One mistaken click on a phony web page link or infected attachment starts a race against time and technical know-how between the Bureau of Diplomatic Security’s (DS) cybersecurity team and hostile actors trying to steal sensitive information.
“We fight a daily battle against very clever adversaries who are equipped with the latest hacker tools and attempt to exploit vulnerabilities in our systems,” noted Mary Stone Holland, Director of DS’s Office of Cybersecurity (CS). “The threats range from state-sponsored actors to cyber criminals and hacktivist groups, all of whom are trying to gather information about our people and compromise the integrity of our information and business operations.”
The DS cybersecurity team is responsible for safeguarding the Department’s global diplomacy networks, which cover 100,000 users worldwide at 275 overseas embassies and consulates in more than 190 countries. As threats against the Department escalate and become increasingly sophisticated, implementing cutting-edge cybersecurity is quickly becoming a top priority in DS.
To secure this international maze of cyber assets, DS utilizes a “defense-in-depth” strategy that leverages an integrated array of analysts, advanced tools, and operational programs to uncover and close security holes before malicious actors can exploit them.
“The defense-in-depth approach enables us to maximize the full gamut of DS expertise, in coordination with the Bureau of Information Resource Management (IRM), to quickly detect, react, respond to, and mitigate security issues that may jeopardize the Department’s diplomatic mission,” Holland said. “It has to be a team effort because our cyber protection surface is expanding rapidly with the advent of mobile computing, cloud computing, and social media.”
The DS cybersecurity program, which began over two decades ago, has continuously evolved to keep pace with developments in technology and the asymmetric nature of cyber-based threats. Specifically, the Office of Cybersecurity handles cybersecurity policy and awareness as well as the majority of DS’s operational cybersecurity duties, including network intrusion detection, compliance verification, vulnerability assessment, penetration testing, incident handling, threat analysis, and the Regional Computer Security Officer program.
A high-profile example of the growth in the cybersecurity program is the Foreign Affairs Cybersecurity Center (FACC), which is DS’s state-of-the-art facility in Beltsville, MD, that focuses on detecting and understanding the emerging cyber threats and activities within the Department and the entire foreign affairs community.
“The FACC has grown from a 24/7 network security monitoring center to the Department’s central hub for developing global cyber security situational awareness for the foreign affairs community,” Holland said.
She continued, “The FACC improves our ability to collect, fuse, and report all-source information regarding threats, vulnerabilities, and related operational cyber security issues affecting the Department. It enables us to implement more advanced cyber detection tools at the recommendation of the National Security Agency and the Department of Homeland Security (DHS). In addition, we are very excited that, in the near future, IRM staff will be working at the FACC, creating a joint Security Operations Center for the Department. This close partnership will result in real-time collaboration and more efficient operational remediation.”
Although the Office of Cybersecurity utilizes state-of-the-art tools and technologies to monitor, detect, and analyze cyber threats, the Department also must rely on computer users to serve as the first line of defense in protecting data. To that end, the Office of Cybersecurity provides an extensive cybersecurity awareness program with online training, briefings, campaigns, email blasts, and other resources.
Every October, the State Department celebrates National Cybersecurity Awareness Month, a collaborative effort between government and industry that encourages the public to protect their personal and work computers and our nation’s critical cyber infrastructure. This year, the Office of Cybersecurity is working in collaboration with IRM, DHS, and other entities to promote this important message.
“National Cyber Security Awareness Month reminds all computer users to be vigilant in protecting their information – to keep them safe both at work and at home. And, while this month-long campaign aims to highlight online safety tips, users should practice these habits all year long as well,” Holland said.
About the Author: Marlene Chandler serves as Division Chief, Policy & Awareness Program in the Office of Computer Security, Bureau of Diplomatic Security, U.S. Department of State.