Tuesday, November 1, 2016

Information Technology Expertise vs. Literacy: A Lesson from the Hillary Campaign for President


Whatever Population Health Blog (PHB) readers may believe about the 1) the timing of FBI Director Comey's announcement about the discovery of a cache of Huma Abedin emails "that appear to be pertinent to the investigation," or 2) the Wikileaks hack of the Clinton emails, the campaign's pattern of lightly securing confidential information and moving it across multiple technology platforms is disconcerting.

Ms. Abedin is apparently at a loss to explain how so many the "pertinent" emails ended up on a home laptop.  The Population Health Blog (PHB) suspects it was a combination of autosaving and autoforwarding run amok.

In the meantime, it has been reported that the Clinton campaign chair used "p@ssw0rd" as the password for his johnATpodesta email account. Once it was targeted, the PHB believes may have been just a matter of probing it repeatedly with a series of commonly used passwords.  Once one account is hacked, it can be used to email viruses and malware to unsuspecting recipients.

No one should expect that the leaders who run national political campaigns should be IT experts.  It's also true that no one or organization is immune from an advanced persistent threat.  But that doesn't mean that these leaders - who aspire to oversee executive branch policymaking - don't have a duty to be IT literate.  

The absence of Republican leaks is intriguing. While hackers may be showing favoritism, the PHB wonders if this episode in 2008 prompted future GOP campaigns to take the threat seriously.  In addition to applying IT policy and procedure (for example) as well as relying on experts to identify and defend the crown jewels, their leaders - aware that their digital musings could end up on the front page of The New York Times - probably internalized some basics:
  • While email is never secure, the likelihood of a hack can be reduced by using unique passwords and regularly changing them;
  • Email attachments, including embedded pictures, are a common method of delivering viruses and malware;
  • There are important differences between storage and backups. The latter can resurrect an entire data base, is less prone to mismanagement and typically offers encryption.
This is not rocket science.  Understanding these and other basics - i.e. having literacy - is an important piece of IT security in any organization.  That's especially true in the healthcare sector, where we learned our lesson years ago.  The hard way.

In numerous posts (for example), the PHB has repeatedly questioned the ability of a federal bureaucracy to competently coordinate healthcare delivery.  In addition to the complexity, cronyism, concentration of risk, unintended consequences and politics, the PHB believed the health-policy illiteracy of the decision-makers made them unequal to the blue-pill vs. red-pill task.

Alas, is the same true when it comes to the oversight of the United States' information infrastructure? If a future President, her Chief of Staff and her most trusted advisers are flummoxed by or ignore the fundamentals of account passwords and backups, could this illiteracy lead to IT poor decision-making in a future White House administration?

You be the judge!

Image from Wikipedia

No comments: