Now it appears that DoJ also was compromised—at least a little bit—by the SolarWinds hack. DoJ says its classified systems weren’t affected, but some unclassified email systems were.
There’s this bit, though, that doesn’t appear to be getting sufficient attention.
Even unclassified email accounts, though, can contain sensitive information about investigations and potentially national security related issues, said Chris Painter, a former senior official at the Justice and State departments who worked on cybersecurity issues. “A lot of DOJ work happens on unclassified systems.”
That sort of thing is largely unavoidable. Hence the perhaps too little attended-to need: vastly improved training in and execution of COMSEC principles, for everyone from the Attorney General through the lowest-ranking unpaid intern. That training and required performance must extend, also, to every enterprise and individual doing business with DoJ or wanting to.