Oversight

Oversight Committee investigates DHS senior staff for improper email practices

Jeh Johnson

DHS Secretary Jeh Johnson is under fire from a House committee over use of personal email on government systems.

Department of Homeland Security Secretary Jeh Johnson prioritized cybersecurity in his final state-of-the-agency speech in February, but the House Committee on Oversight and Government Reform is investigating the alleged use of personal email on DHS systems by Johnson and 28 other DHS senior staffers. Without a waiver, accessing personal email at work violates an April 2014 policy directive that bans such use, except in cases where "valid mission requirements" prevent compliance.

The staff said they were granted "informal waivers" to do so. However, the policy outlines a waiver process that must "document the problems that would be created by compliance with the directive and must include a plan to bring the procedure or control into compliance." Waiver requests are subject to the Chief Information Security Officer's final authority.

In a letter addressed to Johnson, committee Chairman Jason Chaffetz (R-Utah) admonished the secretary for improper e-mail practices and requested information about the informal waiver process.

"Nothing in the directive justifies permitting senior DHS officials to continue access to personal email accounts from DHS computers for a limited time, let alone permitting open-ended access through an 'informal' waiver process," Chaffetz wrote.

"The use of an informal process to skirt cybersecurity rules and regulations creates the appearance that senior DHS officials consider themselves above the rules they expect rank and file employees to abide by," continued Chaffetz. "This posture raises a number of questions, especially in light of DHS's recently expanded cybersecurity role."

The oversight committee is seeking all DHS documents and communications pertaining to waivers and the waiver process, the names and titles of those who approved the waivers and the dates they were requested and approved, as well as the justifications for the waivers -- all by noon on March 24

The committee also asked DHS to identify all employees who currently hold waivers permitting them to access personal email on DHS equipment, and to provide a "briefing… to cover how the waiver program began and operated, and the risks posed by the program with regard to cybersecurity and Federal Records Act compliance" by the same deadline.

About the Author

Chase Gunter is a former FCW staff writer.

Featured

  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.