Chaffetz Breach Causes Investigation of Secret Service IT Management

A report by the Office of Inspector General (OIG) reveals glaring IT security deficiencies in the U.S. Secret Service (USSS). The report stems from a 2015 investigation that found improprieties in the handling of classified information by the USSS: specifically, unauthorized snooping by the Secret Service into Rep. Jason Chaffetz’s (R-UT) personal information immediately after he asked questions on Capitol Hill regarding alleged USSS agent misconduct.

Secret Service Security Breach

“Perhaps [the Secret Service] can turn some of that energy to protecting its computer systems, which suffer from neglect, ignorance and bad management, according to a watchdog’s report,” says a Washington Post article dated Nov. 9, 2016.

A 2015 OIG investigation found that a total of 45 employees snooped into Chaffetz’s 2003 Secret Service job application. Only four had a legitimate need, leaving the rest in violation of the Privacy Act and agency policies. The file snooping began minutes after Chaffetz, chairman of the House Oversight and Government Reform Committee, opened a hearing into allegations of USSS agents’ misconduct.

Chaffetz said the current report, issued last month, shows that “despite past warnings, the U.S. Secret Service is still unable to assure us their IT systems are safe.” In a letter to Inspector General John Roth, Chaffetz also said the discipline for some agents in his case “is not adequate to deter similar behavior in the future” and asked Roth to continue his investigation.

The October 2016 Inspector General’s report on its audit of the Secret Service says: “The audit uncovers a myriad of problems with Secret Service’s IT management including inadequate system security plans, systems with expired authorities to operate, inadequate access and audit controls, noncompliance with logical access requirements, inadequate privacy protections, and over-retention of records. The OIG concluded that Secret Service’s IT management was ineffective because Secret Service has historically not given it priority. The Secret Service CIO’s [Chief Information Officer] Office lacked authority, inadequate attention was given to updating IT policies, and Secret Service personnel were not given adequate training regarding IT security and privacy.”

The IT Security Implications

So, what are the overall implications of the Chaffetz data breach and the subsequent OIG audit and report for IT security in general? It certainly demonstrates that no individual or agency is immune to scrutiny concerning misuse or violation of IT access. It should be a clarion call to all, from a single individual up to a government agency, to err on the side of discretion when accessing data over secure networks, and for all organizations to take firmer steps to ensure data security policies are followed to the letter.

Data Breach As Means of Intimidation

Jason Chaffetz has become well known for investigating government improprieties as part of the House Select Committee on Oversight and Government Reform. The Secret Service imbroglio, if anything, should teach a lesson of steadfastness in the face of intimidation-by-data-breach. It also aired out some long-festering issues within the Secret Service, which were largely overturned under the direction of new leadership, with the hiring of Marine Brig. Gen. Kevin Nully, who brought “sweeping and unprecedented improvements” to the agency.

Talk to an IT Security Specialist

Are you concerned about data security breaches negatively affecting your enterprise? Talk to an IT security specialist at Centerpoint IT, a leader in IT consulting and management. Send us an email at info@centerpointit.com, or call us at (404) 781-0200, and we will help you with any of your questions or concerns.