ANALYSIS/OPINION:

In his op-ed “Hillary’s rookie errors with classified information” (Web, Aug. 26), Daniel Gallington offers an excellent tutorial on the carefully constructed security china shop through which Hillary Rodham Clinton recklessly rampaged. However, I offer one small correction: Hillary’s personal email server was not an “unclassified” system.

From a federal perspective, it was an “unsecured” external system. There is a huge difference. Almost all federal agencies operate “unclassified” information systems that are required by the Federal Information Security Management Act (FISMA) of 2002 to be “identified,” officially “categorized” by sensitivity impact and secured with at least the minimum security controls identified by the National Institute of Standards and Technology. Hillary’s personal email server was never even properly “identified” to State Department security management personnel.

The non-defense systems covered by FISMA are intended to handle all federal agency information not requiring the additional protection specified for classified information. Where necessary, agencies operate separate “classified” systems for that purpose, as Mr. Gallington explains. One of the adjunct purposes of securing all federal systems to at least minimum standards is to help contain the damage from inadvertent misdirection of classified-mission information to administrative traffic.

Hillary was a member of the Senate that passed FISMA 2002, so ignorance of the law seems hard to claim.

BILL MILLS

Sterling