EXCLUSIVE: ED IG Complaint: Bypassing Federal Retention Requirements

admin October 13, 2018
Connect--But, be very careful

EDITOR: We received this from the original complainant who died several months ago and am sharing this as a public service.  The distribution of this information is not intended to affirm any judgement regarding the matter. The individual is considered a very reputable source based upon his knowledge and history at the Department of Education (ED).

ED OIG hotline complaint filed :  2 February 2, 2018

“In the last few weeks, …the Chief Information Officer (CIO) at the U.S. Department of Education (ED) has purposely and with intent built a separate server for the Secretary of Education…. This separate server bypasses all established ED Information Technology (IT) security protocols by deploying the server outside the EDUCATE DMZ/firewall. It is not clear where the secretary’s private server is located, or who runs and maintains it, but it is rumored to be housed in a commercial off-site [location].  The Secretary’s private email server houses both official U.S. Government information, as well as private information.”

“The private email server was established in order to appease the Secretary who was disgruntled and annoyed with [the CIO’s] at the slow performance of the EDUCATE platform, and demanded an “outside” solution be found immediately.  [The CIO] knowingly and willfully violated numerous ED and other Federal security protocols in establishing this rogue commercial server, choosing to disregard his own security and operational mandates under FISMA, FITARA, NIST, and other Federal statutory  requirements.”

Federal Records Act

  1. “The act and its related regulations define Federal records, mandate the creation and preservation of those records necessary to document Federal activities, establish Government ownership of records, and provide the exclusive legal procedures for the disposition of records.”

Richard J. Cox, Closing an Era: Historical Perspectives on Modern Archives and Records Management (Greenwood: 2000), pp. 3-4.

2. Potential Violations: “The head of each Federal agency shall notify the Archivist of any actual, impending, or threatened unlawful removal, defacing, alteration, corruption, deletion, erasure, or other destruction of records in the custody of the agency, and with the assistance of the Archivist shall initiate action through the Attorney General for the recovery of records the head of the Federal agency knows or has reason to believe have been unlawfully removed from that agency, or from another Federal agency whose records have been transferred to the legal custody of that Federal agency.”

https://www.archives.gov

Senior officials of the US Government ARE required to maintain any documents, emails, etc., because they belong to all of us…creating a server “off the grid” is a violation.
(Image takes you to Amazon)
Tags: , , ,

More Stories

The Illusion of Cybersecurity Quantification

Dr. Mark Russo January 6, 2020

SPOT: “Congress at Rest”

admin December 14, 2019

EXCLUSIVE: A 2017 DOD STIG Analysis

admin April 13, 2019

COMMENTARY: F-35 JSF Program, the 2018 “What’s Behind the Curtain” Candidate

Donna Columbus December 16, 2018

EXCLUSIVE: Dept of Education (ED): Only $600 for Cyber Training

admin August 17, 2018

You may have missed

Cyber Threat Hunting (CTH) in an Age of Escalating Cyber Threats

Dr. Mark Russo July 4, 2023

Should You Hire a Virtual CISO?

admin February 1, 2023

TOP 5: The Main Implications of ML to Help Deter Cyber-threats

Dr. Mark Russo January 27, 2023

CYBER DECEPTION: Impact to Cybersecurity and the Application of Machine Learning Tools

Donna Columbus January 15, 2023
%d bloggers like this: