CampaignSMS

Lawmakers want National Archives records on DHS watchdog's … – SC Media

DHS Inspector General Joe Cuffari testifies in front of the House Oversight subcommittee on national security, the border and foreign affairs. (Source: SC Media)
A pair of congressional Democrats are asking the National Archives and Records Administration to hand over any records or evidence in its possession to the Department of Justice that could help demonstrate that Department of Homeland Security Inspector General Joe Cuffari ran afoul of federal record keeping laws when he deleted text messages on his government phone.
In a letter sent Monday to U.S. Archivist Colleen Shogan, Reps. Bennie Thompson, D-Miss., ranking member on the House Homeland Security Committee, and Glenn Ivey, D-Md., ranking member for the House Oversight Committee, requested that NARA review a number of publicly disclosed records regarding DHS OIG’s record retention policies, and particularly Cuffari’s own statements on his record-retention practices.
They cite a June 6 hearing of the House Oversight subcommittee on national security, the border and foreign affairs when Cuffari told Ivey that he would regularly delete text messages on his government-issued work iPhone, saying it was a “normal practice” that he did not believe the texts would count as federal records under statute and that he was unsure if they were stored or preserved elsewhere.
The same day of the hearing, the non-profit Project on Government Oversight cited emails obtained from the DHS IG office claiming that an unnamed “custodian” had admitted they had deleted all text messages from their phone and that “the relevant policy for capturing such messages was not followed.” Two sources within the office told POGO the custodian in question was Cuffari.
“We ask that after reviewing these documents, and other relevant information that NARA obtains, NARA consult with the Department of Justice if the evidence confirms that Inspector General Cuffari failed to notify NARA about unlawful destruction of Federal records, in violation of the law,” Thompson and Ivey wrote.
At the June hearing, Cuffari also told Ivey he was also one of a small group of officials who received authorization by the DHS chief information officer to use Signal, an encrypted communication app, following the disclosure of the SolarWinds compromise, which resulted in Russian hackers compromising the IT networks of at least nine federal agencies. Cuffari said his use of Signal was restricted to a phone call and that he deleted the app in 2021.
On June 15, Chief Records Officer Laurence Brewer wrote to Eric Hyson, chief information officer for DHS, saying NARA was investigating Cuffari’s statements on deleting text messages and his use of Signal.
“If the Department determines that federal records were deleted without proper disposition authority, your final report must include a complete description of the records affected, a statement of the exact circumstances surrounding the deletion of messages, a statement of the safeguards established to prevent further loss of documentation, and details of all agency actions taken to salvage, retrieve, or reconstruct the records,” Brewer wrote.
According to POGO, the DHS IG chief information officer issued an email to employees in February 2023 stating that their office would begin “automatically archiving all SMS/MMS messages sent or received from OIG phones” moving forward.
The inspector general role was created through an act of Congress and most of them, including at DHS, serve as one of the primary tools of legislative oversight for executive branch agencies.  
The admissions are also notable because Cuffari was in charge of investigating multiple DHS leaders, including acting Secretary Chad Wolfe, and agencies including the Secret Service, who were accused of taking similar actions in the immediate wake of the Jan. 6 insurrection.
Days after thousands of Trump supporters stormed the U.S. Capitol, brawled with police and attempted to disrupt the certification of incoming President Joe Biden, at least four congressional committees wrote to the Department of Homeland Security and other federal agencies to instruct them to preserve records related to the riot. Less than two weeks later on Jan. 27, the Secret Service executed a phone and data migration plan that would wipe all data on existing phones and put the onus for backing up and preserving those records on individual employees.
Cuffari’s office did not disclose the missing texts to Congress until more than a year after the attacks on the Capitol, and he told Congress he didn’t learn of the gap himself until February 2022.
Cuffari has served as DHS Inspector General since 2019 when he was nominated by then-President Trump. His tenure has been marked by controversy, allegations of improper or political actions and multiple investigations of his office by Congress and the independent watchdog council that oversees federal IGs.
Derek is a senior editor and reporter at SC Media, where he has spent the past three years providing award-winning coverage of cybersecurity news across the public and private sectors. Prior to that, he was a senior reporter covering cybersecurity policy at Federal Computer Week. Derek has a bachelor’s degree in print journalism from Hofstra University in New York and a master’s degree in public policy from George Mason University in Virginia.

Malicious actors could fully takeover 926,000 MikroTik RouterOS routers vulnerable to a critical SuperAdmin privilege escalation flaw, tracked as CVE-2023-30799, BleepingComputer reports.

Patches have been issued by Ivanti for a zero-day authentication bypass flaw in its Endpoint Manager Mobile device management software previously known as MobileIron Core, which has already been actively exploited by threat actors, BleepingComputer reports.

Apple released several new security updates Monday for vulnerabilities affecting its iOS, iPadOS, macOS, tvOS and watchOS, including one CVE that “may have been actively exploited” in devices running all of those operating systems.
By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.
Copyright © 2023 CyberRisk Alliance, LLC All Rights Reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorization.
Your use of this website constitutes acceptance of CyberRisk Alliance Privacy Policy and Terms & Conditions.

source

Leave a Reply

Your email address will not be published. Required fields are marked *