Cybersecurity

State Department's database vulnerabilities are nothing new

photo of US passport

The State Department's vast database for processing visas, which has had its share of IT struggles, is back in the spotlight courtesy of an ABC News report that the database is vulnerable to hacking.

An internal study of State's Consular Consolidated Database revealed the system was at risk of being breached, according to the ABC News report, which cited anonymous sources at the department and on Capitol Hill. The CCD is a federation of several databases that holds 290 million passport-related records, 184 million visa records and 25 million records on U.S. citizens overseas, according to Ashley Garrigus, spokesperson for the department's Bureau of Consular Affairs.

The State Department is under constant siege from hackers trying to obtain sensitive government information, Garrigus said in a statement to FCW. However, she said, "there is no current evidence that a cybersecurity incident has occurred pertaining to the CCD."

Garrigus said the department cannot discuss the "specifics of our remediation efforts for vulnerabilities due to the sensitivity of that information."

A district judge last October sentenced twin brothers Muneeb and Sohaib Akhter for conspiring to hack into State Department computer systems to obtain passport and visa information. And the CCD has struggled at times over the last two years to run smoothly even for normal operations. A hardware jam last June ground the system to a near halt, while a software glitch took the system offline for three days in July 2014, disrupting travel for thousands of people around the world.

A former U.S. official familiar with the subject matter told FCW that recently completed software upgrades at the CCD will improve the security and reliability of the system, adding that more security-enhancing upgrades are on the way.

Nonetheless, the former official said, "one of the systemic ongoing challenges is the size of the system and the age of the software and the hardware" that form its backbone. Some of the foundational pieces of the CCD have "been around long enough for people to try to figure out how to hack them."

Any report of the CCD's vulnerabilities could mean a range of scenarios, the former official said, adding that one example could be a previously announced software patch that the State Department is just now applying.

"Any database anywhere in the world is a vulnerability," State Department spokesperson Elizabeth Trudeau said during an April 1 briefing. "However, the Consular Consolidated Database is constantly monitored [and] assessed."

FCW staff writer Aisha Chowdhry contributed reporting.

About the Author

Sean Lyngaas is a former FCW staff writer.

Featured

  • Comment
    Pilot Class. The author and Barbie Flowers are first row third and second from right, respectively.

    How VA is disrupting tech delivery

    A former Digital Service specialist at the Department of Veterans Affairs explains efforts to transition government from a legacy "project" approach to a more user-centered "product" method.

  • Cloud
    cloud migration

    DHS cloud push comes with complications

    A pressing data center closure schedule and an ensuing scramble to move applications means that some Homeland Security components might need more than one hop to get to the cloud.

  • Comment
    Blue Signage and logo of the U.S. Department of Veterans Affairs

    Doing digital differently at VA

    The Department of Veterans Affairs CIO explains why digital transformation is not optional.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.