
State Department Sheds New Light on Cybersecurity Threats


By David E. Hubler
Contributor, In Homeland Security

You won’t find one of the State Department’s most critical agencies, the Diplomatic Security Service’s Foreign Affairs Cybersecurity Center (FACC), at State’s Foggy Bottom headquarters in Washington. That’s because FACC’s primary mission is to safeguard diplomatic data and IT assets at 27 embassies and 190 consulates, and for 100,000 users worldwide.

“Our mandate is to diplomatic security,” said Lonnie Price, assistant director at the Diplomatic Security Service (DSS) and head of the Cyber and Security Technology Directorate, during a recent roundtable meeting attended by In Homeland Security. It was the first time that the Center opened its doors to reporters – to mark National Cyber Security Awareness Month.

To meet its mission, the agency’s Foreign Affairs Cybersecurity Center was built amid acres of pastoral farmland in suburban Maryland. The center is fenced and guarded round the clock – not unusual in security-heavy DC. But its oversize satellite dishes that gathered 7.5 terabytes of sensitive data last year would be difficult to locate – and hard to miss – in the city.

“It’s an ideal location. We can monitor all activities very well here,” Price said of FACC’s location.

Since its formation in 1986, DSS has continued to expand its technology and capabilities to mitigate the ever-changing security threat.

However, the Department strategically established its new Cyber and Technology Security (CTS) directorate as a separate State Department unit in May. The aim was to “more fully leverage its advanced technology and operational security expertise to identify and respond to cyber risks and threats,” according to a DSS statement.

FACC Has Grown from a Cyber-Monitoring Center to the Central Office for Cyber Issues in U.S. Foreign Affairs

Over the past two decades, FACC has transitioned from a cyber-monitoring center to the central office for cyber issues in U.S. foreign affairs. The center takes recommendations from the Department of Homeland Security and the National Security Agency to respond to threats and vulnerabilities.

The center is in the process of migrating to cloud-based systems. “The advantages are compelling,” Price said, because the cloud will give FACC the ability to scale rapidly to support critical-mission directives. “There are no limitations on bandwidth in the cloud,” Price explained.

FACC freely shares threat analysis data with State’s inter-agency partners, Price said. “We communicate with the Homeland Security Department about 50 times a day.” He described their collaboration as “intense.”

The heart of FACC operations is a windowless basement room with three tiers of computer monitors. Each station is manned by a specially trained cyber analyst. Three large screens dominate the front wall. One screen nicknamed “the porcupine” visually displays current cyber threats worldwide as long spikes extending outward from a global map.

The room is reminiscent of NASA’s launch center at Cape Canaveral. It provides analysts and decision makers with an interconnected worldview, as it protects critical embassy and diplomat data systems while sharing critical information and interoperating with DHS and other agencies.

Last Year, the FACC Recorded 7.5 Billion Potential Risks and Threat Alerts

In this room, cybersecurity analysts pore over “some five terabytes of data each day,” Price said. They detect, monitor and log potential risks and threat alerts to diplomats, embassies, consulates and other State facilities around the world. Last year, FACC recorded 7.5 billion such potential risks. From that pool, 17,000 proved to be actual threats, and action was taken to neutralize them, Price said.

FACC can also monitor the area outside every American Embassy in real time. However, manpower limits preclude watching all live feeds every day, Price explained. The data is stored for future use if necessary. But when trouble erupts at a U.S. installation, FACC will monitor the situation live and promptly report it to the appropriate U.S. and host country law enforcement agencies.

As an example of DSS’s broad mandate and ability to counter all kinds of threats, Price recounted “Operation Cinderella Story.” DSS agents in New York – working with the NYPD, the U.S. Attorney’s Office in New York and officials in South Korea – monitored, investigated and dismantled a transnational human trafficking network that was laundering millions of dollars in illicit proceeds from secret New York City brothels. Eleven people were indicted in 2016 and DSS expects to recover approximately $3 million in seized assets and fines.

FACC Announces Bureau of Information Resource Management Joint Cybersecurity Initiative

FACC is currently working with State’s Bureau of Information Resource Management (IRM) to create a joint office for cybersecurity, according to a FACC announcement.

“We are very excited that, in the near future, IRM staff will be working at the FACC, creating a joint Security Operations Center for the department,” Mary Stone Holland, director of the Department’s Office of Cybersecurity, said in a blog post. This close partnership will result in real-time collaboration and more efficient operations.

FACC’s migration to the cloud and the creation of the joint Security Operations Center will further expand the Department’s ability to securely move and store critical diplomatic data as well as detect and mitigate cyberattacks from any corner of the world.
