前沿資訊：在微軟違規(guī)后，美國(guó)國(guó)務(wù)院加強(qiáng)網(wǎng)絡(luò)安全

US State Department enhances cybersecurity post Microsoft breach
美國(guó)國(guó)務(wù)院在微軟違規(guī)后加強(qiáng)網(wǎng)絡(luò)安全

Following a major cyberattack last year that saw hackers infiltrate the US Department of State’s network, the agency has expanded its cybersecurity efforts beyond its reliance on Microsoft. This reinforcement of the defence strategy comes after the breach compromised around 60,000 State Department emails, including those of high-profile officials like Commerce Secretary Gina Raimondo. Criticism was directed at Microsoft, with the Cyber Safety Review Board questioning the company’s transparency regarding the incident.
去年發(fā)生的一次重大網(wǎng)絡(luò)攻擊導(dǎo)致與有關(guān)的黑客滲透到美國(guó)國(guó)務(wù)院網(wǎng)絡(luò)后，該機(jī)構(gòu)已將其網(wǎng)絡(luò)安全工作擴(kuò)大到不再依賴(lài)微軟。此次加強(qiáng)防御戰(zhàn)略是在大約60,000封國(guó)務(wù)院電子郵件遭到泄露之后，其中包括商務(wù)部長(zhǎng)吉娜·雷蒙多 (Gina Raimondo) 等高調(diào)官員的電子郵件。批評(píng)針對(duì)的是微軟，網(wǎng)絡(luò)安全審查委員會(huì)質(zhì)疑該公司在該事件上的透明度。

Kelly Fletcher, the department’s chief information officer, highlighted concerns about the security of corporate networks, emphasising the importance of all vendors ensuring secure systems. The hacking group, identified by Microsoft as Storm-558, obtained access to a digital key, allowing them to breach government inboxes.
該部門(mén)的首席信息官凱利·弗萊徹（Kelly Fletcher）強(qiáng)調(diào)了對(duì)企業(yè)網(wǎng)絡(luò)安全的擔(dān)憂，并強(qiáng)調(diào)所有供應(yīng)商確保系統(tǒng)安全的重要性。這個(gè)被微軟稱(chēng)為 Storm-558 的黑客組織獲得了數(shù)字密鑰的訪問(wèn)權(quán)限，從而能夠侵入政府收件箱。

In response to the breach, the US State Department has diversified its vendor portfolio, incorporating companies like Palo Alto, Zscaler, and Cisco alongside Microsoft. While Microsoft managed to revoke the hackers’ access, Fletcher expressed concerns over the potential broader impact of the breach. The department has since bolstered its security measures, including multifactor authentication and data encryption, significantly increasing cybersecurity fundamentals across its systems.
為了應(yīng)對(duì)此次泄露事件，美國(guó)國(guó)務(wù)院對(duì)其供應(yīng)商組合進(jìn)行了多元化，除了微軟之外，還納入了 Palo Alto、Zscaler 和 Cisco 等公司。雖然微軟設(shè)法撤銷(xiāo)了黑客的訪問(wèn)權(quán)限，但弗萊徹對(duì)此次泄露可能造成的更廣泛影響表示擔(dān)憂。此后，該部門(mén)加強(qiáng)了安全措施，包括多因素身份驗(yàn)證和數(shù)據(jù)加密，顯著增強(qiáng)了整個(gè)系統(tǒng)的網(wǎng)絡(luò)安全基礎(chǔ)。

Despite criticism, Microsoft remains a key player in the State Department’s cybersecurity framework. The agency thoroughly analysed its communications with Microsoft following a separate breach linked to Russian hackers, concluding that sensitive information was not compromised. With ongoing efforts to fortify its cybersecurity posture, the State Department aims to mitigate future threats and maintain the integrity of its digital infrastructure.
盡管受到批評(píng)，微軟仍然是國(guó)務(wù)院網(wǎng)絡(luò)安全框架的關(guān)鍵參與者。在與俄羅斯黑客有關(guān)的單獨(dú)違規(guī)事件發(fā)生后，該機(jī)構(gòu)徹底分析了其與微軟的通信，得出的結(jié)論是敏感信息并未受到損害。通過(guò)不斷努力加強(qiáng)其網(wǎng)絡(luò)安全態(tài)勢(shì)，國(guó)務(wù)院的目標(biāo)是減輕未來(lái)的威脅并保持其數(shù)字基礎(chǔ)設(shè)施的完整性。"