Congressman Smith Scrutinizes Security of Clinton Email Server
Today I sent letters to several private companies that provided software and services to former Secretary of State Hillary Clinton that enabled her to maintain a private email server. Understanding these companies’ roles in providing software and services to maintain former Secretary of State Hillary Clinton’s private email server is critical to improving government cybersecurity standards. A high profile government official deviating from established information security requirements raises significant concerns. The sensitive nature of the information stored on Sec. Clinton’s private server created a unique challenge to ensure all of the information was properly safeguarded. The Committee takes seriously its duty to ensure the NIST Cybersecurity Framework is properly equipped to safeguard our nation’s information.
Earlier this month, the Committee held a hearing where a private sector cybersecurity expert told the Committee his company would not set up a private server for a government official because such an arrangement is “illegal” and because it would expose classified data.
Today’s letters are aimed at improving the National Institute of Standards and Technology’s (NIST) Framework for Improving Critical Infrastructure Cybersecurity (the Framework) and the Federal Information Security Act (FISMA), which set cybersecurity standards and enable federal oversight of information technology programs.
Last year, more than 178 million records on Americans were exposed in cyber attacks. According to the Government Accountability Office, in 2014, federal agencies reported more than 60,000 cyber security incidents that exposed personally identifiable information.
Moreover, the State Department scored only a 42 out of 100 on the federal government’s cybersecurity report card. This score is lower than the Office of Personnel Management’s score, an agency that recently experienced an attack that exposed the private information of 20 million Americans.
In my letters today, I requested all documents and communications related to Secretary Clinton’s private server as well as information about any security breaches that may have occurred during her tenure.
Full copies of the letters can be found below:
Letter to Mr. Austin McChord, CEO, Datto, Inc.
Letter to Mr. Victor Nappe, CEO, SECNAP Network Security Corp.
Letter to Mr. Treve Suazo, CEO, Platte River Networks
Letter to Mr. Ken Xie, CEO, Forinet, Inc.