BBG CEO John Lansing warned OIG not to reveal details of BBG massive cyber security lapses
August 22, 2016
22 minute read
BBG Commentary
Broadcasting Board of Governors (BBG) CEO and Director John Lansing warned the Office of Inspector General (OIG) not to reveal detailed information how his subordinates among longtime BBG executives had undermined cyber security at the ailing agency responsible for U.S. media outreach abroad. “The draft wording of the report provides sensitive details about the security controls for our Privacy Information Enclave (PIE) and these details should not be released into the public sphere,” Lansing wrote in a letter, dated August 1, 2016, to Norman P. Brown, Assistant Inspector General for Audits at the Office of Inspector General in the U.S. Department of State.
It appears, however, that OIG inspectors, frustrated with the BBG’s leadership, have largely ignored Mr. Lansing’s warning or the cyber security lapses at the agency have been so vast that they were nevertheless described in great detail in the final OIG report. Their devastating assessment listed at some length numerous and serious cyber security failures of BBG executives whom Lansing also tried to defend in his letter to the OIG prior to the publication of the final report. The OIG responded to Mr. Lansing’s specific warning with a rather terse statement that “BBG’s comments were considered and incorporated in this report when appropriate.” [Emphasis added.]
BBG employees concerned about protecting their private information have certainly a lot to worry about considering the current state of the agency’s management. The OIG is not only right; the IT experts it uses know far more about cyber security than the BBG executive team. BBG executives may try to blame any future hacking attack on the OIG report, but no one will believe them.
It’s very likely that Mr. Lansing’s letter was drafted by the same BBG officials who are responsible for the cyber security lapses discovered in the OIG initiated audit. Some of the statements in Mr. Lansing’s letter are particularly disturbing. Mr. Lansing wrote, for example, that “with respect to why logical access controls or multi-factor authentication are not being used, BBG officials stated that the multi-factor authentication was not completed due to insufficient funding.” BBG’s current budget ($777 million in FY 2017 Budget Request) is in fact larger than the adjusted for inflation budget of the Voice of America and the U.S. worldwide and domestic government propaganda, public diplomacy and press censorship agency during World War II when the U.S. was facing deadly enemies of Hitler’s Germany, Imperial Japan and their allies. The BBG’s current budget is also larger than the inflation adjusted combined budgets of the Voice of America and Radio Free Europe/Radio Liberty during much of the Cold War.
Mr. Lansing, or whoever drafted the letter, wrote:
“The Enterprise Platforms Division Manager, who ultimately reports to the CIO, is responsible for account management, which includes routinely disabling temporary system accounts and automatically disabling inactive accounts.”
This raises two points:
1. By specifically mentioning the Enterprise Platforms Division Manager, the Lansing letter appears to shift the blame from the top management to the third tier of BBG management. This has been a typical reaction of BBG officials for years to any kind of OIG and other criticism of their persistent mismanagement of the agency.
2. The Lansing letter provides the Russians and the Chinese with quite specific information who is in charge of disabling temporary and inactive computer accounts. Russian and Chinese hackers and others can use this information provided in Mr. Lansing’s letter to find out who that person is and focus on his or her government and private IT equipment and online activities to break into the BBG computer system.
So much for Mr. Lansing, or whoever drafted the letter, knowing how not to reveal sensitive information. It appears that Mr. Lansing just did. He should have known that the OIG would make his letter public because such letters are always included in any final OIG report.
Let’s not also forget that the same BBG executives, several years before Mr. Lansing showed up at the agency, were responsible for letting the Iranian Cyber Army to hack the Voice of America website and to replace it with a propaganda statement making fun of VOA and the then Secretary of State Hillary Clinton.
Voice of America news website under an Iranian hacking attack in 2011 was showing anti-American slogans and a slur against then Secretary of State Hillary Clinton.
John Lansing, who took over the job of BBG CEO in September 2015 after being recommended to the BBG board by BBG Chairman Jeff Shell, has had no prior U.S. government service experience or any prior significant background in international news media, foreign affairs, foreign policy or public diplomacy. He and BBG Chairman have continued to rely on a few longtime International Broadcasting Bureau (IBB) executives. These executives have led Mr. Shell, Mr. Lansing and the entire agency astray on a number of issues documented in many other OIG reports over the years.
A BBG Private/Government Mission to Moscow
Another recent example of the BBG management meltdown has been what appears to be a private business trip to Russia by Chairman Shell, in which John Lansing and IBB deputy director Jeff Trimble also participated in an official U.S. government capacity and apparently also helped to arrange some parts of Mr. Shell’s “private” trip, also acting in an official capacity.
The Russians barred Mr. Shell from entering the country but allowed Mr. Lansing and Mr. Trimble to enter. While Jeff Shell, a Hollywood movie industry executive in his full-time job, was going to Putin’s Russia apparently to do some business for the private company he works for, Universal Filmed Entertainment, he was scheduled to meet Russian officials at a reception reportedly arranged by the BBG staff.
Anyone with any political sense would have known that the U.S. Government’s BBG Chairman doing private business in Russia at this time is a spectacularly bad idea, if not technically against the law, and that BBG officials assisting him in this venture exposed him and those going with him to a considerable danger, including making it easy for the Russian security agencies to access their phones and online activity in Moscow.
Jeff Shell can consider himself lucky that having followed bad advice from his BBG executives, he was only expelled from Russia. It could have been much worse for him because the Russian security services are quite capable of taking much more dangerous actions against those who appear to be easy targets.
Being inexperienced in U.S. government service, John Lansing may not yet realize that the federal government requires much greater openness to the public and gets much more public scrutiny, both in the United States and abroad, especially for the media/public diplomacy agency like the BBG, than what may be acceptable practice of limiting information in the interest of damage control in the private sector. In a statement issued on the expulsion of Chairman Shell from Russia, Lansing omitted a number of material facts in what could only be described as a deliberate attempt to hide the whole story of mismanagement within BBG from the American public and members of Congress. A Voice of America (VOA) report on the BBG mission to Moscow also omitted key material facts.
The Office of Inspector General should do an investigation on the BBG trip to Moscow to assess its appropriateness for the agency at this time in U.S.-Russia relations. The OIG should find out whether BBG officials used official time and government facilities to plan for and make arrangements for what appears to have been a private trip by the BBG Chairman with a questionable official component of inviting Putin’s officials to a BBG reception which Mr. Shell was reportedly planning to attend.
We repost below John Lansing’s letter to the OIG on cyber security lapses and his statement on the trip to Russia, as well as much more revealing comments made by the State Department spokesman on the controversial travel to Moscow by the BBG delegation. We also provide links to other OIG reports and audits which show gross mismanagement at the agency. Some of the executives, whom the most recent OIG report blames for poor cyber security, have been promoted and highly praised by Chairman Shell and retained in influential positions by John Lansing.
These documents show that the Broadcasting Board of Governors is today in a state of even greater chaos than it was before John Lansing joined the agency in September 2015.
OIG: Acting on the Office of Inspector General’s behalf, Williams, Adley & Company-DC, LLP (Williams Adley), an independent public accounting firm, collected information about the Broadcasting Board of Governors (BBG) computer systems and reviewed security controls for two of three systems identified by BBG containing PII systems: Privacy Information Enclave (PIE) and Identification Management System (IDMS).
This report describes the policies and controls used by BBG for each of the five specific topics identified in the Act: (1) logical access policies and practices; (2) logical access controls4 and multi-factor authentication5 used; (3) the reasons logical access controls or multi-factor authentication have not been used; (4) information security management practices used for covered systems; and (5) policies and procedures that ensure information security management practices are effectively implemented by other entities such as contractors.
With respect to logical access policies and practices, Williams Adley found that BBG did not have specific policies documenting logical access controls for PIE and IDMS. Instead, BBG documented logical access control policies for PIE and IDMS within System Security Plans (SSP). Each SSP included the relevant security controls at the system level as required.
With respect to access and multi-factor authentication, Williams Adley found that BBG does not use personal identity verification (PIV) multi-authentication to govern privileged user access to PIE. In addition, BBG permits remote access for privileged functions to PIE for compelling operational needs. BBG officials stated that there were no non-privileged user accounts on IDMS. Currently, there are two dedicated workstations that allow privileged access to IDMS. Privileged users are required to have a PIV card and pin, or PIV card and biometrics information, to access IDMS. Remote access is not allowed. Also, IDMS is operated by a third-party vendor as a managed service and is configured with one privileged account that is managed, controlled, and protected by the vendor for system administration and maintenance purposes.
With respect to why logical access controls or multi-factor authentication are not being used, BBG officials stated that the multi-factor authentication was not completed due to insufficient funding. In addition, the IDMS system was not fully developed to implement physical access controls to BBG facilities and logical access controls to BBG PII systems in accordance with the multi-factor authentication. However, BBG has been invited to participate in the U.S. Department of Homeland Security’s Credential Management Tool Procurement, which will supplement BBG’s PIV card logical access capabilities.
With respect to information security management practices used for covered systems, according to BBG officials the agency has not implemented data loss prevention or digital rights management solutions at the agency level or for the PII systems reviewed (PIE and IDMS). However, BBG has established alternative controls at the entity level including: (1) implementing a policy prohibiting physical documented records containing PII from being sent or removed from BBG’s premises; (2) implementing a policy preventing removal of portable storage devices that contain PII—considered data at endpoint—from BBG premises; (3) automatically logging remote access to BBG’s network for accountability; (4) properly retiring PII to the National Archives and Records Administration or destroying it when documents or devices containing PII are no longer necessary; and (5) properly retiring hardware and portable storage media by sanitizing them before disposal by using a wipeout utility or physically destroying them.
With respect to policies and procedures that ensure information security management practices are implemented by other entities such as contractors, Williams Adley found that BBG has not developed information security policies and procedures to ensure that all contracted/hosted information systems that contain BBG PII are implementing information security management practices. BBG officials stated that BBG has been relying on Memoranda of Agreement and Interconnection Security Agreements to manage the security and privacy controls.
Williams Adley provided a description of other security management practices used by the agency. For example, BBG stated it is using separate tools to track licenses associated with the software assets for its PII systems. However, a BBG official acknowledged that the agency does not have information security policies and procedures documented at the agency level to manage software assets installed on the PII systems. BBG officials also stated that BBG has implemented limited intrusion detection tools to monitor its PII systems and provide forensics and visibility capability to detect and remediate information security threats. However, BBG officials acknowledged that the agency has not implemented any specific technology solutions to manage its data loss prevention and digital rights management capabilities at the agency level and for the two PII systems reviewed.
BBG responded to a draft of this report on August 1, 2016. In its response, BBG proposed alternative language to protect sensitive details about security controls involving PII, in addition to providing additional details about its policies and procedures intended to protect PII. BBG’s comments were considered and incorporated in this report when appropriate. BBG’s comments are reprinted in Appendix D.
Mr. Norman P. Brown
Assistant Inspector General for Audits
Office of Inspector General
US Department of State
Dear Mr. Brown
Thank you for the opportunity to respond to the draft Information Report Description of Policies and Computer Security Control for Select Broadcasting Board of Governors Covered Systems.
As we discussed with your staff and contractor during the meeting on July 27, 2016, we believe the draft wording of the report provides sensitive details about the security controls for our Privacy Information Enclave (PIE) and these details should not be released into the public sphere. We would propose the following alternative language, which covers the necessary details but does not risk compromising the security of the system, for the paragraph beginning at the bottom of page 7 of the draft report:
BBG officials stated that BBG isolated the PIE system using a virtual environment and multiple layers of logical access controls. Only a limited number of dedicated workstations are granted privileges to access the PIE system and data. In addition, a server functions as the virtual desktop for users accessing the PIE system, which mitigates the risk of downloading PU data. BBG stated that only a small number of users and IT staff have access to the PIE system. The Enterprise Platforms Division Manager, who ultimately reports to the CIO, is responsible for account management, which includes routinely disabling temporary system accounts and automatically disabling inactive accounts.
In addition, at the above-referenced meeting, IBB staff confirmed that IBB does have policies and procedures that address security and privacy controls for contracted hosted systems. With respect to Section E of the report, the Agency has implemented policies and procedures to ensure that contractors are implementing security and privacy controls for information systems the Agency procures. The Agency’s policy on granting authority to operate information systems (11 BAM 100) establishes procedures for ensuring that contractors are implementing security and privacy controls identified in NIST guidance.
Agency’s policy on safeguarding Personally Identifiable Information (PII) (11 BAM 200) requires the Agency’s contracting officers to incorporate the Agency’s policy into contracts as necessary and to monitor and enforce contractor compliance. Because the Agency’s systems that contain PII are managed by other Federal agencies, 11 BAM 200 is currently applicable to service contractors whose work requires access to systems containing PII and would also be applicable to a contracted hosted information system that contained PII if the Agency later procured one We have attached these policies for your information and consideration.
Thank you again for the opportunity to respond and please do not hesitate to contact us should you have questions.
Sincerely,
John F. Lansing
Chief Executive Officer and Director
OIG:“Collectively, the information security control weaknesses we identified in this audit represent a significant deficiency to enterprise-wide security, as defined by OMB Memorandum M-14-04.3 We identified control weaknesses in 9 of the 11 information security program areas that considerably impacted BBG’s information security program. The most significant information security deficiencies are related to the risk management framework, continuous monitoring program, [Redacted] (b) (5)  contingency plans, configuration management, and the incident response and reporting program. In addition, information security program areas that need improvement include Plans of Action and Milestones (POA&M), remote access, identity and access management, and security training. Since FY 2010, the weak (and in some cases lack of) security controls adversely affected the confidentiality, integrity, and availability of information and information systems. As an example, according to a BBG official, the weak security controls resulted in the hacking of BBG Web sites in 2011.”
“A weak tone at the top,” “vulnerabilities in the management and oversight,” “an increased risk of fraud, waste, and abuse,” “insufficient oversight of contracts and grants,” weaknesses in financial management”, “inadequate information security,” “Voice of America’s Eurasia division director did not foster conditions for open communication in the Russian Service,” “several management control weaknesses in administrative operations” at OCB, “management did not communicate effectively and … decision-making processes lacked transparency,” “many employees expressed fear of reprisal by management if they raised concerns,” “BBG does not have sufficient oversight of the three grantees.”
Writing in a similar style to John Lansing’s recent letter to the OIG, BBG Chair Jeff Shell said in May 2015 that the leadership problem at the board level happened before the current board took over. He also pointed out in his letter, which was prepared by the BBG staff, that many of the problems identified in OIG reports have been solved or are being solved.
QUESTION: And what is your understanding of what happened to the head – the Broadcasting Board of Governors chairman? Have you made representations to the Russians? Will this come up when the Secretary is there – is it tomorrow or Friday?
MR TONER: So a couple of things on that, Matt. First of all, we’re still, frankly, in the process of sorting through all the details of what happened yesterday, or last night, and the timing of what occurred. But obviously, everybody’s seen the reports. You know also that the Broadcasting Board of Governors did issue a statement on the matter. I’d refer you to that and to them for additional details. I’m limited here. And I’m limited because we’ve not yet received a Privacy Act waiver. Once I do, I’ll be able to say a bit more but not a whole lot more about the incident and about the case.
QUESTION: Well, I —
MR TONER: I said a little bit. And I did —
QUESTION: So the Privacy Act now applies to officials – government – all right, it’s an independent government agency and I realize it is kind of a part – it is a part-time job.
MR TONER: Correct.
QUESTION: But he still was traveling in his official capacity. The BBG, as you noted, put out a statement. It said that the other people who were with him on this delegation went to the embassy, spoke to Ambassador Tefft, and then they thanked Ambassador Tefft and the Department back here for their urgent —
MR TONER: So I was going to finish that.
QUESTION: Oh, okay, I thought you were done.
MR TONER: I was – allow me to go on a little bit further and say —
QUESTION: I’m sorry. I thought you were done.
MR TONER: That’s okay. No worries. We were, when alerted – our embassy in Moscow – to what was happening and to the incident, we did obviously go and assist Chairman Shell. But your question highlights some of the ongoing questions and details that we’re trying to sort through, which is in exactly what capacity he was travelling. And I have to stop there because you said he is – it is a role that he plays. He is also a private citizen.
QUESTION: Well, it’s my understanding that he was supposed to go to a reception or to ceremony today marking the – an anniversary for Radio Liberty in Moscow. That would seem to me that he was doing this not in his private capacity at NBCUniversal but rather in his capacity as chairman of the BBG.
MR TONER: Again, I don’t want to read too much into this and I don’t want to – I just – all I’m trying to say, Matt, is I don’t have full Privacy Act clearance to go any further. And frankly, we’re still trying to sort through the details of what actually happened. As to why he was denied, that’s really something for the Russians to speak to. Whether we raised our concerns with the Russians – we did.
QUESTION: You did?
MR TONER: And whether it will come up with Secretary Kerry, I don’t know.
QUESTION: Okay. The Russians have said that the reason that he was denied entry was because he was put on an expanded stop list that was expanded because you guys expanded sanctions against individual Russians. Did they – have they not given you that explanation? They made it publicly.
MR TONER: Have they made that publicly?
QUESTION: The foreign ministry.
MR TONER: Well, look, Matt, I’m not going to – again, if they’ve said publicly, they’ve offered their explanation. I said it’s not for us to explain what happened to him. It’s for them to speak to why they refused his entry.
QUESTION: Well, I’m not really asking you to explain what happened to him.
MR TONER: Okay.
QUESTION: I would like to know whether or not you disagree with what happened to him. When you say you express your concerns, did you —
MR TONER: Well, look, we’re concerned.
QUESTION: — did you protest it?
MR TONER: We expressed our concerns about what happened. We’re still trying to see – sort through the precise details of what happened, and why he was refused. I’m aware of some of the public comments that they’ve made, certainly. And with regard to that public reason that they gave, all I’ll say to that is, look, the appropriate response for Russia to any of our sanctions would be to address the concerns on which our sanctions are based and not to do a tit-for-tat.
QUESTION: What?
MR TONER: You’re saying that – you’re saying that public – that the public response that he gave, that he was put on a no-fly list or a no-entry list —
QUESTION: Yes, both – both countries do this tit-for-tat all the time. You guys never seem to – when they – why are you asking them to do what you guys won’t do?
MR TONER: Our sanctions are —
QUESTION: I mean, there were just two – four diplomats, two from each side, expelled from each of the countries last week. This happens on and – happens over and over again. It doesn’t seem like any – is that really a reasonable or a logical expectation?
MR TONER: Well, it is in the sense of if Russia wants the sanctions lifted – all the sanctions – we’ve spelled out a clear way by which those sanctions can be lifted. So if they meet those commitments and they meet those expectations, then they can be lifted.
QUESTION: Well, is it fair to say that you have a problem with this guy not being able to get in to the country?
MR TONER: It’s fair to say we have concerns about what happened, yes.
QUESTION: All right.
QUESTION: Mark?
MR TONER: Yeah, please.
MR TONER: Do you think – I mean, given the increasing diplomatic tensions going on, not only the fact that you expelled some of theirs, but this is now the latest in a long list that’s been going on now for several weeks, do you really think this is business as usual between the countries? I mean, there’s a lot festering —
MR TONER: I wouldn’t use that term.
QUESTION: There’s a lot festering underneath here, and —
MR TONER: But I wouldn’t use that term. I mean, look, we’re – the Secretary is traveling to Moscow and he’s been very clear what the goal is, and that is to try to resuscitate the cessation of hostilities and the fact that we are yet again going to Russia to try to get its buy-in on a process that can lead to a nationwide ceasefire, or a cessation of hostilities. We haven’t seen that thus far, but we’re having another go at this. The Secretary has been very clear about the fact that they’ve not lived up to their commitments so far in terms of exerting influence on the regime to stop these ongoing attacks on opposition forces who are adhering to the cessation of hostilities. And the overall effect of that is you’ve got ongoing violence, you don’t have a nationwide cessation of hostilities that all these parties have allegedly committed to and the regime has committed to, and that just stymies the political process, and you’ve just got – you – so you can’t go forward on this, and we need to go forward.
Q And then, yesterday, an appointee that President Obama named — Jeff Shell — to the Broadcasting Board of Governors was briefly detained and then deported from Russia. This is just a string of recent incidents where American diplomats and personnel have been harassed — high-profile incidents. Is this something that the President would like Secretary Kerry to raise in the meeting? And given the harassment of Americans, that doesn’t set a good table for the U.S. to go in and negotiate with Russia right now if they feel that willing to assault American diplomats in the street.
MR. EARNEST: Well, I can’t speak to any individual case. And I’ll let my colleagues at the State Department provide a readout of Secretary Kerry’s discussions with leaders in Russia. I’ll just say in general, as it relates to U.S. diplomats, that we regularly remind leaders in countries around the world where our diplomats are stationed that those countries have a responsibility, they have made a commitment to ensure the safety and security of U.S. diplomats that are serving around the world. We expect every country, including Russia, to live up to that commitment.
Q Is the President aware that Jeff Shell was detained and deported yesterday?
MR. EARNEST: Again, I’m just not in a position to speak to any individual cases. The President is certainly aware of specific concerns about mistreatment of U.S. diplomats in Russia.
John F. Lansing,Chief Executive Officer and Director. The CEO and Director oversees all aspects of U.S. international media. He provides day-to-day management of BBG’s operations, including oversight of the technical, professional, and administrative support as well as strategic guidance and management of other programs.
On Tuesday, BBG Board Chairman Jeff Shell was denied entry into Russia and detained at Moscow’s Sheremetevo Airport. Despite having a valid passport and Russian visa, he was detained in a locked room for several hours, before being accompanied by Russian security officials to board a flight to Amsterdam.
The Russian Foreign Ministry subsequently announced, falsely, that Chairman Shell was a key organizer of “anti-Russian propaganda” and was being sanctioned in retaliation to the United States’ visa sanctions against Russian citizens. They further clarified their position by emphasizing that anyone who sanctions Russia should expect “unavoidable retaliation.”
This blatant aggression is unfortunately not reserved for foreign officials and businessmen. Every day, the Russian government silences critics and tightly controls the flow of information in and around the country. Voice of America and Radio Free Europe/Radio Liberty provide unbiased and uncensored news and information to audiences living in Russia and the Russian periphery. But they do so at great risk.
Over the last year, journalists at VOA and RFE/RL have been the subject of numerous smear campaigns orchestrated by Kremlin-supported media, and several of our reporters and contributors have been threatened and have had their homes searched.
And while Russia Today (RT) and Sputnik enjoy access to the airwaves in the United States, U.S. international broadcasters are denied licenses to broadcast in Russia.
The mission of the Broadcasting Board of Governors is clear. We have and will continue to inform, engage, and connect people around the world in support of freedom and democracy. I am proud of the innovative programs and services our dedicated journalists and staff have provided to the Russian public. We believe they have the right to unfettered access to information, and we will continue to report the facts and provide access to basic information.
While the incident with our Board Chair was unfortunate, it reminds us why the work we do is so important and why we will not be deterred.
Jeff Shell, Chairman of the Board, Broadcasting Board of Governors.
WASHINGTON, D.C. — BBG Chairman Jeff Shell was denied entry into Russia and detained at Moscow’s Sheremetevo Airport last night after arriving shortly before midnight on a flight from Prague. Shell was denied entry into the country despite having a valid passport and Russian visa, and subsequently detained in a locked room for several hours, before being accompanied by Russian security officials to board a flight to Amsterdam. No explanation has yet been given to Shell, or the BBG, for his detention.
Shell told colleagues with whom he was traveling that airport security authorities told him the denial of entry into Russia has permanent status and is “a life-time ban.”
BBG officials met with U.S. Ambassador John Tefft in Moscow this morning to discuss the incident and to thank the Ambassador and the U.S. Department of State for their urgent attention to the matter.
Mr. Shell is a Presidential appointee who serves in a part-time capacity as Chairman of the Board that oversees all U.S. international media. He is also the chairman of NBCUniversal’s Filmed Entertainment Division.
The chairman of the Broadcasting Board of Governors, which oversees the Voice of America, Radio Free Europe, and other U.S. government broadcasters, was denied entry to Russia this week and detained for several hours at a Moscow airport.
BBG chairman Jeff Shell is also chairman of the NBC Universal media conglomerate. Russian officials said he has been placed on a “stop list of individuals denied entry into Russia for his role in steering anti-Russian propaganda,” the Tass news agency reported.
Russian authorities pulled Shell out of a line of arriving travelers at the airport late Tuesday, although he had a valid Russian visa.
Shell said he was held in a locked room for several hours before authorities put him on a flight to Amsterdam. The BBG chairman told colleagues he was informed he was being denied entry to Russia permanently, and now is subject to a “lifetime ban.”
“An armed guard came and got me at about 5 a.m. and walked me onto the plane and to my seat,” Shell told reporters Wednesday morning when he arrived in Western Europe. “He gave my passport to the pilot and said not to give it back to me until I was on Dutch soil. It was quite embarrassing.”
The Russian Foreign Ministry said Shell was barred from Russia because he is chief of a “propagandist” U.S. government agency.
It also said the ban was retaliation for U.S. travel sanctions against 70 Russians, including several high-ranking officials, over what Russia contends are “highly contrived pretexts” concerning Ukraine.
“Sanctions are always a doubled-edged sword. Whoever introduces them against Russia should be mindful of the imminence of counter-measures,” a ministry statement said.
BBG officials have met in Moscow with U.S. Ambassador John Tefft.
State Department spokesman Mark Toner said the U.S. has raised its concerns, but does not know if Secretary of State John Kerry plans to bring it up during his upcoming talks in Moscow.
Ties between Russia and the United States have generally been cool over Russian backing for separatists in Ukraine, and Russian airstrikes on U.S.-backed opposition fighters in Syria.
Two Russian diplomats were expelled from the United States in June after a Russian policeman attacked an American diplomat outside the U.S. embassy in Moscow.
OIG: “Collectively, the information security control weaknesses we identified in this audit represent a significant deficiency to enterprise-wide security, as defined by OMB Memorandum M-14-04.3 We identified control weaknesses in 9 of the 11 information security program areas that considerably impacted BBG’s information security program. The most significant information security deficiencies are related to the risk management framework, continuous monitoring program, [Redacted] (b) (5)  contingency plans, configuration management, and the incident response and reporting program. In addition, information security program areas that need improvement include Plans of Action and Milestones (POA&M), remote access, identity and access management, and security training. Since FY 2010, the weak (and in some cases lack of) security controls adversely affected the confidentiality, integrity, and availability of information and information systems. As an example, according to a BBG official, the weak security controls resulted in the hacking of BBG Web sites in 2011.”
Comments are closed.