While Clinton used home email, State's networks were at risk

[webfact]

While Clinton used home email, State's networks were at risk
By KEN DILANIAN

WASHINGTON (AP) — Hillary Rodham Clinton has come under fierce criticism for doing business over personal email while secretary of state, putting sensitive data at risk of being hacked. But her communications may not have been any more secure had she used a State Department email address, judging by years of independent audits that excoriated the department over poor cyber security on Clinton's watch.

The State Department's unclassified email system was breached by hackers linked to Russia last year who stole an unspecified number of emails. The hackers hit a department that was among the worst agencies in the federal government at protecting its computer networks while Clinton was secretary from 2009 to 2013, a situation that continued to deteriorate as John Kerry took office, according to independent audits and interviews.

The State Department's compliance with federal cybersecurity standards was below average when Clinton took over but grew worse in each year of her tenure, according to an annual report card compiled by the White House based on audits by agency watchdogs. Network security continued to slip after Kerry replaced Clinton in February 2013, and remains substandard, according to the State Department inspector general.

In each year from 2011 to 2014, the State Department's poor cybersecurity was identified by the inspector general as a "significant deficiency" that put the department's information at risk. The latest assessment is due to be published in a few weeks.

Clinton, the front-runner for the Democratic presidential nomination, has apologized for her use of a private email server for official business while she was secretary of state. The FBI is investigating whether her home server was breached.

State Department officials don't dispute the compliance shortcomings identified in years of internal audits, but argue that the audits paint a distorted picture of their cybersecurity, which they depict as solid and improving. They strongly disagree with the White House ranking that puts them behind most other government agencies. Senior department officials in charge of cybersecurity would speak only on condition of anonymity.

"We have a strong cybersecurity program, successfully defeating almost 100 percent of the 4 billion attempted intrusions we experience each year," spokesman Mark Toner said.

Two successive inspectors general haven't seen it that way. In December 2013, IG Steve Linick issued a "management alert" warning top State Department officials that their repeated failure to correct cybersecurity holes was putting the department's data at risk.

Based on an audit by Linick, State scored a 42 out of 100 on the federal government's latest cybersecurity report card, earning far lower marks than the Office of Personnel Management, which suffered a devastating breach last year. State's scores bested only the Department of Health and Human Services and the Department of Housing and Urban Development. State Department officials complain the grades are subjective.

The hack from Russia was so deep that State's email system had to be cut off from the Internet in March while experts worked to eliminate the infestation.

Clinton approved significant increases in the State Department' information technology budgets while she was secretary, but senior State Department officials say she did not spend much time on the department's cyber vulnerabilities. Her emails show she was aware of State's technological shortcomings, but was focused more on diplomacy.

Clinton's campaign staff did not respond to repeated and detailed requests for comment.

Emails released by the State Department from her private server show Clinton and her top aides viewed the department's information technology systems as substandard and worked to avoid them.

"State's technology is so antiquated that NO ONE uses a State-issued laptop and even high officials routinely end up using their home email accounts to be able to get their work done quickly and effectively," top Clinton aide Ann-Marie Slaughter wrote in an email to Clinton on June 3, 2011.

Under Clinton and Kerry, the State Department's networks were a ripe target for foreign intelligence services, current and former government officials say, echoing the situation at OPM, which last year saw sensitive personnel data on 21 million people stolen by hackers linked to China.

The Russian hackers who broke into State's email system also infiltrated networks at the Defense Department and the White House, officials say, and no clear line can be drawn between their success and State's dismal security record.

But as with OPM, State's inspector general identified many of the same basic cybersecurity shortcomings year after year, and the department failed to correct them, records show.

State Department officials say that only email was taken in the hack, and that no sensitive databases were breached. The National Security Agency conducted a classified assessment and deemed the breach significant and severe, two officials say.

Those officials, and many others interviewed for this story, declined to be quoted because they were not authorized to address the matter publicly.

Although the hacked email system was unclassified, State Department personnel regularly use it communicate very sensitive information. It would be valuable intelligence for a foreign adversary, officials say.


-- (c) Associated Press 2015-10-20

[shirtless]

Clinton is a useless old windbag , put her in jail like they would you or i

[DaddyWarbucks]

This story explains everything and exonerates Hillary Clinton.

That's the takeaway message. Get it?

[godden]

And she wants to be in charge of the nuke button, good luck with that one.

[Usernames]

This story explains everything and exonerates Hillary Clinton.

That's the takeaway message. Get it?

Actually it implies that Hillary was doing us all a big favor and actually enhancing security, which she "controlled" at home, as opposed to all those big bad dangerous State Dept. servers.

[Hayduke]

Okay...that explains everything.

The State Department's email system was hopelessly corrupt, unreliable and compromised by the bad guys.

So...rather than fix things (which would alert the forces of evil), Ms. Clinton wisely used her home email server to circumvent danger and avoid the perils of State department security failures.

And, with characteristic modesty never claimed credit for the brilliant plan.

She did it not out of negligence, but out of love for the American people.

Marvelous.

[RaoulDuke]

Funny how when Bush/Cheney 'lost' 5 million emails relating to the politically motivated firing of 8 US Attorneys, the 'liberal' media managed to forget about that story in less than a week, but they just can't get enough of talking about Hillary doing something she was authorized by the State Department to do with her emails.

Edited October 20, 2015 by RaoulDuke

[chuckd]

Funny how when Bush/Cheney 'lost' 5 million emails relating to the politically motivated firing of 8 US Attorneys, the 'liberal' media managed to forget about that story in less than a week, but they just can't get enough of talking about Hillary doing something she was authorized by the State Department to do with her emails.

Just for the record, there were not 5 million emails, there were 30 million emails.

Also for the record, every single one of them was located when they figured out where they had been filed.

So far Hillary has lost 30,000 more than the Bush administration ever did.

[Publicus]

From the OP:

Emails released by the State Department from her private server show Clinton and her top aides viewed the department's information technology systems as substandard and worked to avoid them.

"State's technology is so antiquated that NO ONE uses a State-issued laptop and even high officials routinely end up using their home email accounts to be able to get their work done quickly and effectively," top Clinton aide Ann-Marie Slaughter wrote in an email to Clinton on June 3, 2011.

Reading the thread reminds me of the old saying among lawyers that when you have the facts pound on the facts, and when you don't have the facts pound on the table. The thumping by the increasingly desperado right does get one's attention so it is a good idea to set the record straight as the record is provided by the OP.

[RaoulDuke]

Funny how when Bush/Cheney 'lost' 5 million emails relating to the politically motivated firing of 8 US Attorneys, the 'liberal' media managed to forget about that story in less than a week, but they just can't get enough of talking about Hillary doing something she was authorized by the State Department to do with her emails.

Just for the record, there were not 5 million emails, there were 30 million emails.

Also for the record, every single one of them was located when they figured out where they had been filed.

So far Hillary has lost 30,000 more than the Bush administration ever did.

22 million in total magically appeared at the end of his reign of terror. I sincerely doubt that less than 30,000 are still unaccounted for. The real issue is that anyone using email for work can easily attest to the fact that the vast majority of emails sent and received are of little to no value at all, so of course they would be deleted. This is hardly a scandal. She was Secretary of State. She had access to highly confidential information that will never be made public. Get over it.

[chuckd]

Funny how when Bush/Cheney 'lost' 5 million emails relating to the politically motivated firing of 8 US Attorneys, the 'liberal' media managed to forget about that story in less than a week, but they just can't get enough of talking about Hillary doing something she was authorized by the State Department to do with her emails.

Just for the record, there were not 5 million emails, there were 30 million emails.

Also for the record, every single one of them was located when they figured out where they had been filed.

So far Hillary has lost 30,000 more than the Bush administration ever did.

22 million in total magically appeared at the end of his reign of terror. I sincerely doubt that less than 30,000 are still unaccounted for. The real issue is that anyone using email for work can easily attest to the fact that the vast majority of emails sent and received are of little to no value at all, so of course they would be deleted. This is hardly a scandal. She was Secretary of State. She had access to highly confidential information that will never be made public. Get over it.

Do you have the same cavalier attitude to every potential law breaker, or is it selective?