Hillary Clinton’s disregard for cyber-security at the State Department, and hence for the national security, is manifest from her use of a private email server. But the wreckage Clinton left behind in State’s main digital information security office arguably demonstrates her disregard even more starkly, and probably posed an even greater threat to national security.
Richard Pollock of the Daily Caller provides the details. He cites scathing audits issued by the State Department’s former acting IG, Harold Geisel, a hand-picked Clintonista. During Hillary’s tenure, Geisel issued eight reports warning about worsening problems and growing security weaknesses within the Bureau of Information Resource Management (IRM). One of Geisel’s reports, issued not long after Clinton left the State Department, was so damning that the IRM became the butt of caustic comments throughout the IT world, according to Pollock.
In 2013, Geisel’s successor, Steve Linick, issued a “management alert” to State Department leadership, warning that IRM’s security deficiencies persisted. “The department has yet to report externally on or correct many of the existing significant deficiencies, thereby leading to continuing undue risk in the management of information,” Linick said.
The IRM was established by Colin Powell after the 9/11 Commission highlighted the failure of key government agencies to exchange anti-terrorist intelligence. Powell and his successor, Condeleeza Rice, built the IRM to ensure secure communications among all U.S. embassies and consulates.
The IRM became the central hub for all of the State Department’s IT communications systems. As Geisel explained in one of his reports, IRM “personnel are responsible for the management and oversight of the department’s information systems, which includes the department’s unclassified and classified networks” and “handles all aspects of information security for the department’s intelligence systems.”
The need to maintain the security of the IRM could not be more obvious. Geisel warned that “the weakened security controls could adversely affect the confidentiality, integrity, and availability of information and information systems” used by U.S. officials around the world. Yet, according to multiple IG reports, Clinton allowed the IRM to degenerate into an office without a mission or strategy. And even after being alerted to the problem, she failed to get it fixed.
The IRM’s deterioration isn’t unrelated to the Clinton email scandal. As Pollock points out, Clinton put Bryan Pagliano, her 2008 presidential campaign IT director, in the IRM in early 2009 as a “strategic advisor” who reported to the department’s deputy chief information officer. Pagliano had no prior national security experience and apparently lacked a national security clearance.
The IRM scandal also brings to mind Benghazi. In that case, Clinton failed to respond to repeated warnings about the deterioration of security at U.S. embassies in the region. In this instance, she failed to respond to repeated warnings about the deterioration of a vital information network.
Clinton likes to talk about being “ready.” But she wasn’t ready to be Secretary of State and she certainly isn’t ready to the President of the United States.