@HonkHase ja, die #OpSec jener #KRITIS ist quasi nichtexistent.

• Und nein, ich werde nicht in Details gehen.

Nur soviel: Mich bezahlt keine*r die dazu authorisiert sind für's #Pentesting!

@masukomi yeah, basic #InfoSec & #ComSec as well as #OpSec!

The review also will “review compliance with classification & records retention requirements,” Stebbins wrote. He requested that the #Defense Dept designate 2 points of contact within 5 days, with work done both in Washington & at the headquarters of US Central Command in Tampa, Florida.

Steven Stebbins, the #Pentagon’s acting #IG, said in a memo to #SecDef #PeteHegseth & Dpty #DOD Secy Steve Feinberg that the review will “determine the extent to which the Secretary of #Defense & other DoD personnel complied with DoD policies & procedures for the use of a commercial messaging application for official business.”

@w7voa

Reminds me of this:

https://en.m.wikipedia.org/wiki/Petraeus_scandal

@evacide

Reminds me of this:

https://en.m.wikipedia.org/wiki/Petraeus_scandal

“Unless you are using #GPG, email is not end-to-end encrypted, & the contents of a message can be intercepted & read at many points, including on Google’s email servers,” said Eva Galperin, director of #cybersecurity at the Electronic Frontier Foundation.

#NationalSecurity experts have expressed alarm over the #Trump admin’s denial that the leaked #Signal chat contained #classified information.

Data #security experts have expressed alarm that US #NationalSecurity professionals are not…[just]…using the govt’s suite of secure encrypted systems for work communications such as JWICS, the Joint Worldwide Intelligence Communications System.

Most concerning, however, is the use of personal email, which is widely acknowledged to be susceptible to hacking, spearfishing & other types of digital compromise.

The use of personal email, even for unclassified materials, is risky given the premium value foreign #intelligence services place on the communications & schedules of senior govt ofcls, such as the #NationalSecurity adviser, experts say.

…Waltz has also created & hosted other #Signal chats w/Cabinet members on sensitive topics, including on #Somalia & #Russia’s war in #Ukraine, said a senior #Trump admin official.

#MikeWaltz has had less sensitive, but potentially exploitable information sent to his #Gmail, such as his schedule & other work documents, said ofcls, who, like others, spoke on the condition of anonymity to describe what they viewed as problematic handling of information. The ofcls said Waltz would sometimes copy & paste from his schedule into #Signal to coordinate meetings & discussions.

A snr #MikeWaltz aide used the commercial email service for highly technical conversations w/colleagues at other govt agencies involving sensitive #military positions & powerful #weapons systems relating to an ongoing conflict, acc/to emails reviewed by WaPo. While the #NSC official used his #Gmail account, his interagency colleagues used govt-issued accounts, headers from the email correspondence show.

The use of #Gmail, a FAR LESS secure method of communication than the encrypted messaging app #Signal [which isn’t secure enough for these kinds of comms either], is the latest example of questionable #security practices by top #NationalSecurity ofcls already under fire for the mistaken inclusion of a journalist in a group chat about high-level planning for #military ops in Yemen.

Members of #Trump’s #NationalSecurity Council #NSC, including WH #NationalSecurity adviser #MikeWaltz, have conducted govt business over personal #Gmail accounts, acc/to documents reviewed by WaPo & interviews with three #US officials.