Information-systems failures are as integral to the State Department as striped pants. The Foreign Service is a fine institution, not well served by successive State Department managements. State is especially unable to get its information systems under control. From the legendary Wang debacle [which would be a good name for a band] to the 2002 Inspector General’s report:
The dramatic expansion in computer interconnectivity and the rapid increase in the use of the Internet are changing the way the government, the nation, and much of the world communicate and conduct business. However, without proper safeguards, these developments pose enormous risks that make it easier for people and groups with malicious intent to intrude into inadequately protected systems and use such access to obtain sensitive information, commit fraud, disrupt operations, or launch attacks against other computer networks and systems. Computer-supported Department operations are at risk. Previous General Accounting Office, OIG, and Bureau of Diplomatic Security reports have identified persistent computer security weaknesses that place a variety of critical and mission-essential Department operations at risk of disruption, fraud, and unauthorized disclosure.
The Department recognizes that much more must be done to develop fully and ensure continuity of its systems security program. In its September 2002 report on the Department’s information security program, OIG identified several key areas of information security that still require management attention. Specifically, the Department has made slow progress in addressing information security weaknesses identified in OIG’s 2001 review of the Department’s implementation of the Government Information Security Reform Act. In response to the report, the Department developed a strategy to address a key deficiency, the lack of certification and accreditation of its information systems. However, the Department has not developed a timetable for certification and accreditation of all systems, and as of August 2002, only four percent of its systems had been certified and accredited. Further, although 72 percent of the Department’s 358 systems are reported to have security-level determinations, only 15 percent are reported to have security plans.
But that was all taken care of by 2006:
The Department, issued “The Plan to Capture Contractor Systems in the Department of State’s Inventory of Information Systems” to the OIG and OMB with an implementation plan for ensuring the appropriate level of security of all contractor connections, extensions and systems. A Procurement Information Bulletin (PIB) concerning information security imposed upon contractor services and products was also finalized and issued.
They issued a PIB—what more do you want? A TPS report?
And they’ve made sure to appoint only the best Inspectors General:
Krongard, who took the inspector general’s job in 2005 after serving as counsel to several accounting and law firms, ran afoul of the House Committee on Oversight and Government Reform in recent months over his stewardship of key investigations. He also came under criticism from State Department employees who
In a statement, Oversight Committee Chairman Henry A. Waxman (D-Calif.) essentially bade Krongard good riddance.
“Mr. Krongard’s decision removes an enormous distraction from the Inspector General’s office and will allow the office to focus on its important oversight responsibilities,” he said. “The committee will certainly take this new development into account.”
Nothing to see here, folks. Keep it moving along…