GAO Finalizing Report on US Embassies Using Outdated Software

The Government Accountability Office is creating a report identifying cybersecurity risks facing U.S. embassies resulting from their continued use of legacy software and a lack of cybersecurity personnel, according to people familiar with the matter.

GAO began working on the report before Chinese hackers were reported to have accessed the emails of senior officials at the Department of State, which operates U.S. embassies worldwide. 

The report, expected to be completed by fall, highlighted concerns about the department’s ability to secure sensitive communications, Politico reported. GAO found that many U.S. embassies and missions are still using the Windows XP operating system. Microsoft’s website said the company ended providing technical assistance and automatic updates for the OS and its continued use will make computers more vulnerable to security risks and viruses.

In an emailed statement, the Department of State noted that Chief Information Officer Kelly Fletcher is collaborating with diplomatic security to improve the cyber posture of foreign posts. The agency said it has a platform that identifies malicious cyber activity to combat bad actors often targeting its critical systems.

Cybersecurity is among GAO’s priority recommendations for the State Department in 2022. The new report is expected to compel the agency to take more effective actions to strengthen its cyber defenses.