Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Career Intelligence
    • Cyber Tactics
    • Cybersecurity Education & Training
    • Leadership & Management
    • Security Talk
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Interactive Spotlight
    • Photo Galleries
    • Podcasts
    • Polls
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSecurity NewswireCybersecurity News

Widespread Cybersecurity Problems Across Intelligence Community, Claims US Senator Ron Wyden

cybersecurity-laptop
June 18, 2020

U.S. Senator Ron Wyden has asked Director of National Intelligence John Ratcliffe to explain what steps he is taking to improve the cybersecurity of some of the nation's most most sensitive secrets, held by federal intelligence agencies, after Wyden obtained a "damning" CIA report on cybersecurity failures that led to “the largest data loss in CIA history" after a CIA employee stole "at least 180 gigabytes" of information and then provided that to WikiLeaks. 

Wyden, a senior member of the Senate Intelligence Committee, obtained the unclassified, redacted excerpt of the CIA’s WikiLeaks Task Force report from the Department of Justice, after it was introduced as evidence in a court case earlier this year involving stolen CIA hacking tools.

The 2017 CIA report revealed lax cybersecurity measures across the agency, including “acute vulnerabilities” in critical IT systems. The security was so poor, according to the report, if these hacking tools had “been stolen for the benefit of a state adversary and not published, we might still be unaware of the loss—as would be true for the vast majority of data on Agency mission systems.”

Wyden said it is time for Congress to reconsider a law that exempts intelligence agencies from federal cybersecurity requirements. "After a series of high-profile cybersecurity lapses at federal agencies, Congress took action in 2014, and gave the Department of Homeland Security (DHS) the authority to require federal agencies to adopt specific cybersecurity technologies and policies to safeguard federal systems. While Congress exempted the intelligence community from the requirement to implement DHS's cybersecurity directives, Congress did so reasonably expecting that Intelligence agencies that have been entrusted with our nation's most valuable secrets would of course go above and beond the steps taken by the rest of the government to secure their systems. Unfortunately, it is now clear that exempting the intelligence community from baseline federal cybersecurity requirements was a mistake," wrote Wyden in the letter. 

In addition, Wyden asked Ratcliffe to provide him with unclassified answers to questions as to why the intelligence community has yet to implement the Cybersecurity and Infrastructure Security Agency's (CISA) cybersecurity best practices, including DMARC, anti-phishing technology, and the use of multi-factor authentication, industry-standard cybersecurity protection. 

Fausto Oliveira, Principal Security Architect at Acceptto, a Portland, Oregon-based provider of Continuous Behavioral Authentication, says, “Senator Ron Wyden is correct in asking why what amounts to standard security practices in the industry are not being adopted by the CIA. Afterall, they are in the business of acquiring intelligence often through cyber offensive methods and are technically aware of how to exploit vulnerable systems, such as those that are not protected by Multi-Factor Authentication (MFA)." 

"Based on the findings of the report, it appears that there was a lack of IT and cybersecurity governance that led to a lax adoption of security controls," adds Oliveira. "It is not an operational matter, it is a matter of the agency's management not setting the right goals to manage the risks associated with operating an organization, specifically an organization that is a desirable target for all kinds of attackers.”

Tim Wade, Technical Director, CTO Team at Vectra, a San Jose, Calif.-based provider of technology which applies AI to detect and hunt for cyber attackers, notes, “Federal entities frequently must meet objectives critical to public safety with legacy processes and systems whose replacement and modernization are hampered by layers and layers of bureaucratic red tape.  Accepting the risk of continuing to operate such systems in a vulnerable state mitigates the greater risks associated with jeopardizing mission success.  Strategically, the solution involves revisiting and modernizing the failed process measures which allow these deficiencies to persist, and holding accountable any entities resistant to the faithful adoption of such measures.”

KEYWORDS: CIA security CISA cyber security risk management wikileaks

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Cyber tech background

    Security’s Top Cybersecurity Leaders 2026

    Security magazine’s Top Cybersecurity Leaders 2026 award...
    Top Cybersecurity Leaders
  • Iintegration and use of emerging tools

    Future Proof Your Security Career with AI Skills

    AI’s evolution demands security leaders master...
    Security Leadership and Management
    By: Jerry J. Brennan and Joanne R. Pollock
  • The 2025 Security Benchmark Report

    The 2025 Security Benchmark Report

    The 2025 Security Benchmark Report surveys enterprise...
    The Security Benchmark Report
    By: Rachelle Blair-Frasier
Manage My Account
  • Security Newsletter
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Popular Stories

Hand reaching up out of the ocean

What I Learned About Burnout the Hard Way (and How to Actually Fix it)

Paparazzi

When Private Events Become Public Infrastructure: What Celebrity OSINT Teaches Security Leaders

Colorful laptop

Organizations Think They Know Who’s Visiting Their Sites. They Don’t.

Broken wet floor sign

Why Response Time Is Becoming the Missing Metric in Workplace Safety and Security

Cyber Tactics

AIBOMs: Bringing AI Security Out of the Shadows, A Practical Guide for Security Professionals

Kaseware sponsored webinar
Schneider Electric sponsored webinar

Events

August 25, 2026

Critical Infrastructure Security Is National Security: Protecting Essential Operations in an Era of Escalating Risk

LIVE: August 25, 2026 at 2 PM EDT Learn why critical infrastructure security has become a national security imperative, and the strategies organizations can adopt to improve visibility, collaboration, and response across their security operations.

August 27, 2026

Leveraging AI & Mobility to Advance Your Security Domain

LIVE: August 27, 2026 at 2 PM EDT Explore how AI-driven cloud security solutions can elevate your security domain enhancing threat detection, streamlining operations, and delivering the resilience modern organizations demand.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products


Alertmedia sponsored webinar

Related Articles

  • active shooter policy

    US Senator McSally Releases Legislation to Target Domestic Terrorism

    See More
  • cybersecurity

    University of Southern California establishes an Intelligence Community Center for Academic Excellence

    See More
  • Building Enterprise Solutions to 8 Major Cybersecurity Problems

    See More

Related Products

See More Products
  • 150952519X.jpg

    Intelligence in An Insecure World, 3rd Edition

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • Newsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2026. All Rights Reserved BNP Media, Inc. and BNP Media II, LLC.

Design, CMS, Hosting & Web Development :: ePublishing