“E-mailgate” makes us wonder how many government officials regularly work off the government grid.
It has become clear that Hillary Clinton was the latest Fed to be exposed, but far from the only one to say “no thanks” to .gov. In fact, it may be surprisingly – alarmingly – common not to use a government e-mail account.
At Defense, Chuck Hagel used a private e-mail account. So did Karl Rove during his tenure at the White House. It goes to show that this is not a political story because people in both parties shun .gov accounts.
Secretary of State John Kerry is the first head of the State Department to have an official government e-mail account. Trailblazer!
State IG’s Warning
A State Department inspector general’s report warned of the danger of going off the grid.
A 2012 report by the State Department’s inspector general said an ambassador’s use of private e-mail for public work was a violation of agency rules and created security risks. The report said that agency policies permitted the use of private e-mails only for “maintaining communication during emergencies,” according to a story by the Washington Post’s Carol Leonnig.
Department policy requires that “normal day-to-day operations be conducted on an authorized information system, which has the proper level of security controls.”
An unauthorized system, the report said, increases the risk of “data loss, phishing, and spoofing of e-mail accounts.” In addition, the report warned that private e-mail use could result in the “loss of official public records” because many systems do not have “approved record preservation or backup functions.”
Experts probing the domain used by Mrs. Clinton found some common vulnerabilities, including problems with the underlying certificate, Bloomberg’s Michael Riley reported.
What’s a CIO to Do?
So where do we go from here? The plight of the Federal CIO just became crystal clear. CDM, TIC, Einstein, $14 billion in Fiscal 2016 cybersecurity spending is rendered ineffective when employees go off the reservation.
The GAO will get to the bottom of it, but it will take six months…
Let’s launch our own unscientific study right now.
CIOs of the Federal world unite – tell us if you think this is a problem at your agency. Are employees putting data at risk by using private email accounts rather the .gov accounts? How widespread is the problem? What’s the solution?
We’ll share the results.
Join the conversation. Post a comment below or email me at firstname.lastname@example.org.