Re: None

Wednesday, 09/12/2018 4:35:02 PM

Post# of 248872
State Department is failing at basic cybersecurity standards, senators say

https://www.cnet.com/news/the-state-department-is-failing-at-basic-cybersecurity-standards-senators/

The agency was told to adopt basic cybersecurity measures. Less than 11 percent of its devices actually did.

Senators want to know why the State Department isn't using basic cybersecurity protections.

In a letter sent to Secretary of State Mike Pompeo on Tuesday, a bipartisan group of five senators called out the department's poor cybersecurity practices.

The agency was required to adopt multifactor authentication for all accounts with "elevated privileges" as part of the Federal Cybersecurity Enhancement Act. An inspection found that only 11 percent of required agency devices actually enabled it, according to the letter.

The State Department has received the letter and is carefully reviewing it, a spokesperson said.

Cybersecurity has become a major concern for government officials as nation-state hackers from countries like North Korea, Russia and Iran set their sights on the US for espionage and cyberattacks. These hacks, which have infiltrated power grids and routers, give spies an opening for future attacks. As these cyberattacks are often politically motivated, it's alarming to the group of senators that the State Department isn't meeting federal cybersecurity standards.

In another investigation, the Department of State's inspector general found that security experts were able to exploit vulnerabilities in the agency's email accounts, as well as its applications and operating systems.

The senators noted that a simple password isn't enough to protect State Department email accounts anymore. Multifactor authentication is a simple security measure that requires two forms of verification -- like a password and a PIN code, for example -- to gain access to an account. Even if hackers steal your password, it'll be harder to hijack an account.

"We are sure you will agree on the need to protect American diplomacy from cyber attacks, which is why we have such a hard time understanding why the Department of State has not followed the lead of many other agencies and complied with federal law requiring agency use of MFA," the letter says.

The letter was signed by Sen. Ron Wyden, a Democrat from Oregon; Sen. Cory Gardner, a Republican from Colorado; Sen. Ed Markey, a Democrat from Massachusetts; Sen. Rand Paul, a Republican from Kentucky; and Sen. Jeanne Shaheen, a Democrat from New Hampshire.

They're seeking answers from Pompeo on these points, with a deadline of Oct. 12:
1. What actions has the Department of State taken in response to the Office of Management and Budget's designation of the Department of State's cyber readiness as "high risk"?

2. What actions has the department taken to rectify the near total absence of multifactor authentication systems for accounts with elevated privileges accessing the agency's network, as required by federal law?

3. Provide statistics, for each of the past three years, detailing the number of cyberattacks against Department of State systems located abroad and including statistics about both successful and attempted attacks.

=================================================================
https://www.wavesys.com/products/wave-virtual-smart-card

The user experience with a virtual smart card is simple: he or she logs in with a PIN (authentication factor number one). The TPM (authentication factor number two) then transparently identifies the device to the network and connects the user to all the approved services. It’s one less thing for users to carry around.
=================================================================
With regard to cyberattacks on the State Department, what is below could help the State Dept. in a big way, imo.

https://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management

Wave’s ERAS for TPM Management gives IT remote, centralized management of all TPMs on enterprise computers and tablets.

With this control, IT can set policies and dictate which machines and users have authority to access which resources. IT can ensure that only known and approved devices are accessing your network. And what’s more, IT can prove it with detailed activity logs.
=================================================================
Wave has already had experience with multi factor authentication and the government:

Wave Systems Announces First U.S. Federal Government Customer for Wave Virtual Smart Card 2.0

https://www.wavesys.com/buzz/pr/wave-systems-announces-first-us-federal-government-customer-wave-virtual-smart-card-2.0

Lee, MA - October 2, 2014 -

Wave Systems Corp. (NASDAQ: WAVX) marked an important sales milestone by announcing the first U.S. federal government customer for its Virtual Smart Card 2.0.

Since the Virtual Smart Card 2.0 became commercially available in late July 2014, Wave has entered into dozens of pilot deployments in multiple sectors, including healthcare, financial services, automotive, energy and utilities. However, today’s announcement marks the product’s first sale in the government sector.

“This is an important milestone for Wave,” said Bill Solms, CEO of Wave. “Wave Virtual Smart Card 2.0 has been purchased by a government agency with significant security requirements and one that requires redundant means of system authentication due to national security interests. This initial sale is modest compared to the addressable market within the Federal Government sector, but it is important to our strategy for marketing the Virtual Smart Card to address critical government infrastructure defense.”

“We believe that this sale, which was completed on a shorter sales cycle than we had anticipated, supports our view that customers are interested in the type of cyber security solution that Wave’s Virtual Smart Card 2.0 provides,” Solms added.

Wave Virtual Smart Card 2.0 is the industry’s only enterprise-grade virtual smart card management solution that works on Windows 7. It also supports Windows 8 and 8.1. Wave’s new solution emulates the functionality of physical smart cards or tokens, but offers greater convenience to users, lower total cost of ownership, and a reduced risk of unauthorized use.

Wave Virtual Smart Card 2.0 gives IT the ability to:
• Remotely create and delete virtual smart cards
• Provide help desk-assisted recovery
• Configure PIN and card policies
• View the status of virtual smart cards and enrolled certificates
• Generate reports for compliance
• Support virtual smart cards on laptops, tablets and desktops with TPM 1.2 or TPM 2.0

