Oversight Committee investigates DHS senior staff for improper email practices
- By Chase Gunter
- Mar 16, 2016
DHS Secretary Jeh Johnson is under fire from a House committee over use of personal email on government systems.
Department of Homeland Security Secretary Jeh Johnson prioritized cybersecurity in his final state-of-the-agency speech in February, but the House Committee on Oversight and Government Reform is investigating the alleged use of personal email on DHS systems by Johnson and 28 other DHS senior staffers. Without a waiver, accessing personal email at work violates an April 2014 policy directive that bans such use, except in cases where "valid mission requirements" prevent compliance.
The staff said they were granted "informal waivers" to do so. However, the policy outlines a waiver process that must "document the problems that would be created by compliance with the directive and must include a plan to bring the procedure or control into compliance." Waiver requests are subject to the Chief Information Security Officer's final authority.
In a letter addressed to Johnson, committee Chairman Jason Chaffetz (R-Utah) admonished the secretary for improper e-mail practices and requested information about the informal waiver process.
"Nothing in the directive justifies permitting senior DHS officials to continue access to personal email accounts from DHS computers for a limited time, let alone permitting open-ended access through an 'informal' waiver process," Chaffetz wrote.
"The use of an informal process to skirt cybersecurity rules and regulations creates the appearance that senior DHS officials consider themselves above the rules they expect rank and file employees to abide by," continued Chaffetz. "This posture raises a number of questions, especially in light of DHS's recently expanded cybersecurity role."
The oversight committee is seeking all DHS documents and communications pertaining to waivers and the waiver process, the names and titles of those who approved the waivers and the dates they were requested and approved, as well as the justifications for the waivers -- all by noon on March 24
The committee also asked DHS to identify all employees who currently hold waivers permitting them to access personal email on DHS equipment, and to provide a "briefing… to cover how the waiver program began and operated, and the risks posed by the program with regard to cybersecurity and Federal Records Act compliance" by the same deadline.
Chase Gunter is a former FCW staff writer.