DHS Officials Put National Security at Risk with Webmail

When former Secretary of State and now Democratic presidential candidate Hillary Clinton used a personal e-mail account at the U.S. Department of State, it caused an uproar and an investigation. As it turns out, she wasnEUt the only one to break the rules.

Department of Homeland Security (DHS) Secretary Jeh Johnson (pictured above) and 28 of his senior staffers have been using private Web-based e-mail platforms from their work computers for over 12 months. Cybersecurity experts, as well as advocates of government transparency, criticize such practices -- and it also flat out breaks DHS rules.

"The use of Internet Webmail (Gmail, Yahoo, AOL) or other personal e-mail accounts is not authorized over DHS furnished equipment or network connections,EU according to the DHS Sensitive Systems Policy Directive issued in April 30, 2014.

What Went Wrong?

So what happened? Was this blatant rebellion? Hot shots looking to skirt the system for nefarious purposes? Not really. Johnson and his staffers apparently had obtained informal waivers that allowed them to override the directive, according to published news reports quoting a EUtop DHS official.EU

We caught up with Kevin Foisy, chief software architect and co-founder of software security firm Stealthbits Technologies, to get his reaction to the news. He told us itEUs not unusual for senior people in an organization to be exempted from normal IT security practices.

EUManagement clout sometimes tends to overrule the best IT security,EU Foisy said. EUBut in the case of DHS and access to external e-mail, this is a bit surprising. E-mail is one of the leading exploited entry points into organizations: the phishing attack.EU

Wide Open Back Door

Indeed, the State DepartmentEUs e-mail was hacked in 2014. The agency reported EUactivity of concernEU in parts of its e-mail system, according to several news reports, citing a senior official.

In April, news emerged that Russia may have hacked...

Comments are closed.