Cybersecurity

State Department's database vulnerabilities are nothing new

photo of US passport

The State Department's vast database for processing visas, which has had its share of IT struggles, is back in the spotlight courtesy of an ABC News report that the database is vulnerable to hacking.

An internal study of State's Consular Consolidated Database revealed the system was at risk of being breached, according to the ABC News report, which cited anonymous sources at the department and on Capitol Hill. The CCD is a federation of several databases that holds 290 million passport-related records, 184 million visa records and 25 million records on U.S. citizens overseas, according to Ashley Garrigus, spokesperson for the department's Bureau of Consular Affairs.

The State Department is under constant siege from hackers trying to obtain sensitive government information, Garrigus said in a statement to FCW. However, she said, "there is no current evidence that a cybersecurity incident has occurred pertaining to the CCD."

Garrigus said the department cannot discuss the "specifics of our remediation efforts for vulnerabilities due to the sensitivity of that information."

A district judge last October sentenced twin brothers Muneeb and Sohaib Akhter for conspiring to hack into State Department computer systems to obtain passport and visa information. And the CCD has struggled at times over the last two years to run smoothly even for normal operations. A hardware jam last June ground the system to a near halt, while a software glitch took the system offline for three days in July 2014, disrupting travel for thousands of people around the world.

A former U.S. official familiar with the subject matter told FCW that recently completed software upgrades at the CCD will improve the security and reliability of the system, adding that more security-enhancing upgrades are on the way.

Nonetheless, the former official said, "one of the systemic ongoing challenges is the size of the system and the age of the software and the hardware" that form its backbone. Some of the foundational pieces of the CCD have "been around long enough for people to try to figure out how to hack them."

Any report of the CCD's vulnerabilities could mean a range of scenarios, the former official said, adding that one example could be a previously announced software patch that the State Department is just now applying.

"Any database anywhere in the world is a vulnerability," State Department spokesperson Elizabeth Trudeau said during an April 1 briefing. "However, the Consular Consolidated Database is constantly monitored [and] assessed."

FCW staff writer Aisha Chowdhry contributed reporting.

About the Author

Sean Lyngaas is an FCW staff writer covering defense, cybersecurity and intelligence issues. Prior to joining FCW, he was a reporter and editor at Smart Grid Today, where he covered everything from cyber vulnerabilities in the U.S. electric grid to the national energy policies of Britain and Mexico. His reporting on a range of global issues has appeared in publications such as The Atlantic, The Economist, The Washington Diplomat and The Washington Post.

Lyngaas is an active member of the National Press Club, where he served as chairman of the Young Members Committee. He earned his M.A. in international affairs from The Fletcher School of Law and Diplomacy at Tufts University, and his B.A. in public policy from Duke University.

Click here for previous articles by Lyngaas, or connect with him on Twitter: @snlyngaas.


Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.