Government people were using personal email for government business the day after email was invented. We have a former Secretary of State, running for President, who set up a server to do it from her basement, and a Secretary of Defense who did it for several months - as we found out yesterday. The difference between people who used to do it, and people who do it now, should be obvious to anyone. Hackers were not that prevalent in the early days of email. Today is different.
We are missing something from these high offices - security education. Our security folks are lazy and think sending around a note or an email will suffice to get the attention of an executive who gets 1000 of them a day. If that person finds the email, they have other priorities that keep them from reading it. These kinds of briefings have to be in person, and have to have a credible threat briefing that tells individuals why they shouldn't be using private emails, unless they want those emails to be read by many groups of foreign intelligence, hacker gangs, and kids in the neighborhood with nothing much else to do. We used to read that email and take it in for the leader to see. That was ethical hacking for a purpose. Nobody seems to do that anymore.
This is partly policy, since a few people in State knew what was going on but didn't notice that there was no policy prohibiting the use of personal email for government business. Why there has to be such a policy is a mystery, since presumably we are putting smart people in these positions and they should know better. However, for the sake of appearances, there should be a policy for those who think they can do anything if there is no prohibition against it. It is a flaw in our policy that allows that belief. We should not have to tell every person in a position of trust and leadership what they can and cannot do. As we know, they will do what they want, policy or no policy, so having one that is ignored is no better than not having one. It is just an excuse for being careless.
They are out of excuses for this kind of behavior. We should not accept any. Leaders, in the White House, at the Secretary levels of government, in the military, and all the other places who should no better, should not be allowed any excuses. No email for government business. We spend millions of dollars to make a system they can use to communicate with one another, but they use something else. If that something else is secure, stop spending the money on all those systems. Get contracts with Something Else and start using it. No excuses.
No comments:
Post a Comment