Oversight

Oversight Committee investigates DHS senior staff for improper email practices

Jeh Johnson

DHS Secretary Jeh Johnson is under fire from a House committee over use of personal email on government systems.

Department of Homeland Security Secretary Jeh Johnson prioritized cybersecurity in his final state-of-the-agency speech in February, but the House Committee on Oversight and Government Reform is investigating the alleged use of personal email on DHS systems by Johnson and 28 other DHS senior staffers. Without a waiver, accessing personal email at work violates an April 2014 policy directive that bans such use, except in cases where "valid mission requirements" prevent compliance.

The staff said they were granted "informal waivers" to do so. However, the policy outlines a waiver process that must "document the problems that would be created by compliance with the directive and must include a plan to bring the procedure or control into compliance." Waiver requests are subject to the Chief Information Security Officer's final authority.

In a letter addressed to Johnson, committee Chairman Jason Chaffetz (R-Utah) admonished the secretary for improper e-mail practices and requested information about the informal waiver process.

"Nothing in the directive justifies permitting senior DHS officials to continue access to personal email accounts from DHS computers for a limited time, let alone permitting open-ended access through an 'informal' waiver process," Chaffetz wrote.

"The use of an informal process to skirt cybersecurity rules and regulations creates the appearance that senior DHS officials consider themselves above the rules they expect rank and file employees to abide by," continued Chaffetz. "This posture raises a number of questions, especially in light of DHS's recently expanded cybersecurity role."

The oversight committee is seeking all DHS documents and communications pertaining to waivers and the waiver process, the names and titles of those who approved the waivers and the dates they were requested and approved, as well as the justifications for the waivers -- all by noon on March 24

The committee also asked DHS to identify all employees who currently hold waivers permitting them to access personal email on DHS equipment, and to provide a "briefing… to cover how the waiver program began and operated, and the risks posed by the program with regard to cybersecurity and Federal Records Act compliance" by the same deadline.

About the Author

Chase Gunter is a staff writer covering civilian agencies, workforce issues, health IT, open data and innovation.

Prior to joining FCW, Gunter reported for the C-Ville Weekly in Charlottesville, Va., and served as a college sports beat writer for the South Boston (Va.) News and Record. He started at FCW as an editorial fellow before joining the team full-time as a reporter.

Gunter is a graduate of the University of Virginia, where his emphases were English, history and media studies.

Click here for previous articles by Gunter, or connect with him on Twitter: @WChaseGunter

Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.