The interim director of the Cybersecurity and Infrastructure Security Agency triggered an internal cybersecurity warning with the uploads — and a DHS-level damage assessment.
Yeah, he really should know better, but why were the necessary controls not in place to prevent the C-suite from doing stupid things? I know it’s not possible to eliminate all risk, but enterprise-level DLP should really have caught this.
Definitely possible and even likely for at least some of them, but I would bet money a good deal of it is just hubris. A ton of these people give off the vibe that they earnestly believe they can do no wrong and know better than the “so called experts” because they’re so great and brilliant and strong. Anyone that tries to pierce that bubble is just a “jealous loser”.
triggering multiple automated security warnings that are meant to stop the theft or unintentional disclosure of government material from federal networks
They were, or at least detected if not prevented. That’s how they knew it happened.
This is the same guy who failed a polygraph, then smeared the people who told him he only needed to take the polygraph when he wants to see a highly classified program where only a limited number of people are allowed to see it (the previous guy on his seat didn’t want to see it because it’s not necessary for this job) for “giving him misleading information”.
He also wanted to remove Costello, one of the people at CISA who is seen “as one of the agency’s top remaining technical talent” after around 1000 employees were cut (he was hindered to do so after others learned about that - Costello had already gotten a letter giving him the choice to move to DHS or resign). Sources say that Costello pushes back regarding policy and contracting decisions - probably because he knows better.
He is Noem’s pet IT guy she took with her from South Dakota, and i think he’s out of his depth for sure, and probably compromised.
In his defense, polygraph is just pseudo-science bullshit. You “fail” or “pass” depending on what the one doing it wants you to do. It is just made up.
Yeah, he really should know better, but why were the necessary controls not in place to prevent the C-suite from doing stupid things? I know it’s not possible to eliminate all risk, but enterprise-level DLP should really have caught this.
You’re assuming that it wasn’t caught. He could have easily been informed and did it anyway because opsec is in opposition to their goals.
They want to make us vulnerable.
Definitely possible and even likely for at least some of them, but I would bet money a good deal of it is just hubris. A ton of these people give off the vibe that they earnestly believe they can do no wrong and know better than the “so called experts” because they’re so great and brilliant and strong. Anyone that tries to pierce that bubble is just a “jealous loser”.
They were, or at least detected if not prevented. That’s how they knew it happened.
This is the same guy who failed a polygraph, then smeared the people who told him he only needed to take the polygraph when he wants to see a highly classified program where only a limited number of people are allowed to see it (the previous guy on his seat didn’t want to see it because it’s not necessary for this job) for “giving him misleading information”.
He also wanted to remove Costello, one of the people at CISA who is seen “as one of the agency’s top remaining technical talent” after around 1000 employees were cut (he was hindered to do so after others learned about that - Costello had already gotten a letter giving him the choice to move to DHS or resign). Sources say that Costello pushes back regarding policy and contracting decisions - probably because he knows better.
He is Noem’s pet IT guy she took with her from South Dakota, and i think he’s out of his depth for sure, and probably compromised.
In his defense, polygraph is just pseudo-science bullshit. You “fail” or “pass” depending on what the one doing it wants you to do. It is just made up.
I agree, but funnily enough it’s still used in counterintelligence
He was assured “we are currently clean on OPSEC” by chat
Apparently it was set to detect and not block