In a letter to Director of National Intelligence John Ratcliffe, Senator Ron Wyden (D-OR) says Congress made a mistaken when it exempted the intelligence community from cybersecurity directives from the Department of Homeland Security. Wyden said they had done so with the expectation that intelligence agencies “would of course go above and beyond steps taken by the rest of the government to secure their systems.”
However, a report indicates that intelligence agencies have not implemented multifactor authentication for domain name system infrastructure, and that DMARC – an anti-phishing technology mandated by DHS in 2017 – is not being used at the CIA, the National Reconnaissance Office, or the Office of the Director of National Intelligence itself.
Wyden asked John Ratcliffe to explain what steps he is taking to improve the cybersecurity of some of the nation’s most most sensitive secrets. The report documented systemic failures that led to the largest data loss in CIA history after a CIA employee stole at least 180 gigabytes of information, which he provided to WikiLeaks.