Homeland Security Secretary Jeh Johnson admitted Tuesday that he banned the practice of giving homeland security officials waivers to use personal email on government computers only after a Bloomberg View article exposed that he and 28 other senior officials were using their personal emails at work.
“When I read the story I said, ‘You know whoops this is not a good practice so I should discontinue it’,” Johnson said at a Politico breakfast hosted by Politico’s Mike Allen.
Johnson claims that he was only using his Gmail at work for personal use, and that he used his government email for all homeland security purposes. Personal email use was already prohibited on DHS computers for security reasons, but some senior officials were given waivers and allowed to use their emails.
While he acknowledges that he took a risk by accessing his private email, he doesn’t think it was a large one.
“[It’s] probably not an appreciable [risk] but one that probably should be eliminated so I’m eliminating it,” Johnson said at the breakfast.
But that’s not how security experts view it. According to Tripwire senior security researcher Ken Westin, Johnson has a much higher risk of being targeted than an average government worker because of his senior position.
“For an average user accessing Gmail from a work computer is no big deal,” Westin told NBC News. “[But] the DHS is a very large target for some of these nation state actors.”
He pointed out that there’s a large risk right now of “phishing campaigns,” where hackers can compromise a personal email account. If that account is used on a government computer, hackers may be able to access information on that computer. The DHS is actually one of the agencies who has warned other federal agencies about this threat.
“Executives are people that are in a position of power and have access to data,” he continued. “People that have access to sensitive information … that’s definitely something they should not be doing.”
Johnson said that now he’ll just read his Gmail on his iPhone.