State plans departmentwide phishing trip
The State Department has selected a vendor to provide a "phishing as a service" solution to improve employee cyber hygiene worldwide.
State Department employees should get ready to receive some funky email messages. The agency announced it had signed a deal with eGlobalTech to test the cyber hygiene of State employees around the world.
The $470,000 contract, announced May 25 on the FedBizOpps contracting website, calls for eGlobalTech to supply "phishing as a service" to the department. According to contracting documents, State's Office of Policy, Liaison and Training sought a vendor to concoct phishing email messages, send them to employees around the world and track the responses.
The deal is for one year with a two-year option. The vendor will send the phishing messages from its own server infrastructure to make sure that State data does not get mixed up with contractor or other data.
Employees who are fooled by the messages can look forward to "corrective training," according to a limited-source justification document included in the award notice.
It is just one aspect of State's efforts to improve basic cyber hygiene. The department is offering to train Foreign Service officers who want to specialize in cybersecurity with the goal of creating a cadre of qualified personnel worldwide who watch for threats and make sure department standards are being upheld in the sending of cables and other sensitive activities.