In this Risk & Repeat podcast, SearchSecurity editors discuss the security lessons of the Hillary Clinton email server probe and the state of federal government cybersecurity.
While former Secretary of State Hillary Clinton escaped charges related to her much-criticized personal email server, the FBI's probe resulted in a scathing rebuke of the State Department's lacking security culture.
The Clinton email server probe officially ended last week as FBI Director James Comey announced that the bureau would not seek charges against Clinton for using a personal email server, rather than the official State Department email system, to receive and send classified information, including top-secret data. But Comey offered sharp criticism of how Clinton and her staff operated the email server, claiming they were "extremely careless in their handling of very sensitive, highly classified information."
"While not the focus of our investigation, we also developed evidence that the security culture of the State Department in general, and with respect to use of unclassified email systems in particular, was generally lacking in the kind of care for classified information found elsewhere in the government," Comey said during his press conference.
Questions about the security of Clinton's email server have swirled for years, but the FBI probe, the Office of Inspector General's report in May and various news media investigations have revealed major shortcomings with how both Clinton and the State Department handle email security. Specifically, the FBI discovered that Clinton's email server setup wasn't supported by a full-time security staff. The Inspector General's report, meanwhile, showed that a staff member simply shut the email server down during a suspected cyberattack.
Why was Clinton's email server security so inadequate? What does this email episode reveal about the security culture within the federal government? Will this be a turning point for how government agencies handle and protect sensitive and classified data? In this episode of SearchSecurity's Risk & Repeat podcast, editors Rob Wright and Peter Loshin discuss those questions and other topics related to the Clinton email server controversy.