Tag Archives: ISSOs

A Small Post in Africa Just Fired “Several Dozen Male Employees”

February 15, 2022 By in AF |Africa, Diplomatic Security, Huh? News, Investigations, Locally Employed Staff, NEA|Near East Asia, Oversight, Realities of the FS, Security, State Department, U.S. Missions Tags: , , , , , , ,
We received the following in our inbox recently:

The Embassy held a town hall and finally disclosed that several dozen male employees had been separated from employment.

Charges included:

— improper used of government computers

— immoral conduct for posting obscene images and videos to a social media chat group

Criminal investigation is ongoing.

TDY staff have been flown in from other AF posts, NEA and Washington DC.

Outgoing ambassador departs soon; incoming ambassador to arrive in February.

Most of the job vacancies should be listed on the Embassy website in the coming weeks.

So this is a small post.  Since most jobs are expected to be advertised on the embassy website, we can assume that those separated from employment were locally hired staffers. “Several” means more than two and fewer than many.
Let’s say we have about a hundred employees at this post, with half of those male. Several dozens, say three dozens would be 36 employees. If four dozens, that would be the entire male population, half of the locally hired staff, wouldn’t it?
How would embassies ever find out what shenanigans are going on in their computer systems?
Information Systems Security Officers (ISSO) are responsible for implementing the Department’s information systems security program and for working closely with system managers on compliance with information systems security standards. The Bureau of Information Resource Management’s Office of ISSO Oversight, Regional, and Domestic Division, assists, supports, and coordinates the activities of domestic and overseas ISSOs.
In 2017, OIG inspection reports have repeatedly found deficiencies in the performance of ISSO duties. The Management Assistance Report then notes the following:

OIG reviewed information management findings in reports of overseas inspections conducted from fall FY 2014 to spring FY 2016 and found that 33 percent (17 out of 51) reported findings on the non-performance of ISSO duties. Specifically, the reports noted that information management personnel failed to perform regular reviews and analyses of information systems audits logs, user libraries, emails, workstations, servers, and hard drives for indications of inappropriate or unusual activity in accordance with Department standards.

But what if this post was previously:
— informed in 2019 that its unclassified and classified Information Systems Security Officers (ISSO) did not perform all information systems security duties, such as review and analysis of information systems audit logs for inappropriate or unusual activity, as required by 12 FAM 613.4?
— informed that its ISSOs did not brief new employees on their information security responsibilities and the Department’s policies? OIG notes that ISSO briefings are particularly important for LE staff who have never worked for the U.S. Government.
— informed that its ISSOs did not use the Department’s ISSO resources, such as standard operating procedures and checklists, to prioritize and plan their duties?
— made aware that a lack of planning and training as well as competing priorities led the embassy to neglect these duties and this has resulted in the security of the Department’s computer systems at risk?
Who should then be held accountable for this incident?
Or.
Perhaps, it took the embassy this long to finally conduct a systems audit logs and other systems security duties as required, and that’s how they found out about these obscene images?
Who should get an award?
Makes one wonder about that 17 posts who were reported for non-performance of ISSO duties.
What might they find there when they finally do perform those duties?

 

###