Homeland Security Secretary Jeh Johnson is pictured. Report: DHS chief used personal email on work computer It’s a black eye for a department that has positioned itself as the government’s civilian leader on cybersecurity.

Homeland Security Secretary Jeh Johnson and other top DHS officials continued to access their personal email accounts from their work computers more than a year after the department banned the practice as a security risk, Bloomberg reported Monday — a revelation that raises more questions about the federal government’s shaky cybersecurity practices.

DHS spokeswoman Marsha Catron confirmed to POLITICO that “some individuals” at the department had gotten exemptions allowing them to access personal webmail from work computers, though she did not confirm that Johnson was among them. She said the department has since revoked the allowances.


The report from Bloomberg View doesn’t cite any evidence that Johnson or the other officials had used personal email to conduct government business — the practice that has generated plenty of heat for Hillary Clinton after she used a private email server while secretary of state.

Even so, the report offers a black eye for a department that has positioned itself as the government’s civilian leader on cybersecurity. Security experts say allowing workers to access personal email on work networks creates a vulnerability, making it harder to filter or block emails that seek to dupe employees into installing malicious software or divulging sensitive information. And the government’s cybersecurity efforts have faced increasingly intense scrutiny following the two massive hacks that compromised personal data on more than 20 million people.

Catron said DHS had issued a directive in April 2014 restricting use of personal webmail on department computers but provided for case-by-case exceptions through a process managed by the agency’s chief information officer. Now the department has “suspended” all access, and further exemptions will be given only with personal approval from DHS chief of staff Christian Marrone.

Marrone was one of the officials who had previously gotten the allowances, Catron said — though he apparently didn’t know about it.

“A recent internal review found that some individuals, including the chief of staff, were unaware they had access to personal webmail and have since been restricted from access,” Catron said. “DHS has the mission to provide a common baseline of security across the civilian government and help agencies manage their cyber risk.”

In all cases, she said, using personal email for work purposes was and is “strictly prohibited.”

The Bloomberg article said Johnson and 28 senior department staff members had been accessing webmail from work under the exemptions.

Johnson’s personal email has been involved in controversy before: A Florida woman who filed a lawsuit linked to the David Petraeus sex scandal has sought to question Johnson about an email he’d received on his personal Google mail account from a reporter at The Daily Beast. Johnson had been the Defense Department’s general counsel.