An internal White House memo published today by Axios reveals that recent changes to the information operations and security organizations there have left the security team in tumult, with many members headed for the door. And the chief of the White House's computer network defense branch—who wrote the memo after submitting his resignation—warned that the White House was likely headed toward another network compromise and theft of data.
The White House Office of the Chief Information Security Officer was set up after the 2014 breach of an unclassified White House network by Russian intelligence—a breach discovered by a friendly foreign government. But in a July reorganization, the OCISO was dissolved and its duties placed under the White House Office of the Chief Information Officer, led by the new CIO Roger L. Stone. Stone pulled from the ranks of the National Security Council where he was deputy senior director for resilience policy. (Stone is not related to indicted Republican political consultant Roger J. Stone.)
The resulting changes have put an emphasis more on convenience than security. The Office of Administration at the White House has reportedly been purging information security staffers while responsibility for cybersecurity is outsourced from the streamlined IT operations team. In August, White House CISO Joe Schatz left the White House for a tech consulting job. And according to the memo, senior security experts have been leaving en masse since then as the White House has become increasingly hostile to the information security team.
The college football season starts next week, and, as has become all too customary of late, most of the chatter is not about the impressive feats we’re going to be seeing on the field, but the bleak events taking place off of it. I refer to the goings-on in Columbus, where the people who run the Ohio State University just embarrassed themselves, the program and the school by slapping coach Urban Meyer’s wrist with a wet piece of spaghetti.
If you haven’t followed this blow by blow, here’s a good timeline of events. The long and short of it is that Zach Smith, an assistant to Meyer over the years at both OSU and the University of Florida, is accused of twice physically accosting his ex-wife, Courtney, in 2009 and 2015. In the 2015 incident, which happened while Smith was at OSU, he was arrested on felony charges of domestic violence and felonious assault. Courtney Smith didn’t press charges, but the couple divorced the next year.
At OSU media day in late July, Meyer was asked what he knew about all this and when. He said the 2009 incident as reported “wasn’t actually what happened,” and that the 2015 incident was basically made up (“I don’t know who creates a story like that,” he said to the media, which is not quite up there with “Total Witch Hunt!” but which, you know, ain’t good).
When the Web was new (I climbed on board in 1995) like everyone else, I started accumulating passwords. Slowly at first, but with two websites to manage and a fondness for on-line shopping, by 1999, I was pinning scraps of paper to my bulletin board, jotting in notebooks, tucking them into my wallet, in various files in the filing cabinet, and, oh heck, just sticking Post-Its to my computer monitor. And more times than I’d like to admit, I forgot to write them down at all. I knew some people who kept their passwords straight by using the same one for everything, but that seemed to me an invitation to hackers.
About ten years ago, I started noting each password on its own 4 x 6 inch index card, then filing it alphabetically by service (e.g., Amazon.com under “A”) in a little box that looks just like my grandmother’s cookie recipe box.
Call it the Grandma’s Recipe Box Solution to Password Management.
On each index card I note:
Name of Service (e.g., Amazon.com)
My password
My username
My email address for this account
Any other relevant information
Now that I’m still on-line in 2014 and managing a plethora of websites, a batch of blogs, two YouTube channels, Vimeo, three Twitter accounts, and do my banking on-line, use PayPal, and have not set foot in a shopping mall in more time than I can remember, I have accumulated a prodigious stack of index cards. But my little plastic index card holder, with its alphabetical tabs, is still right here by my desk, doing the job.
I have found that there are several advantages to this method:
1. I can keep all my passwords at my fingertips (so when it’s time to check my bank balance or tweet or shop on-line, if I cannot recall the one I need password, I just pluck it out);
2. Filing the cards alphabetically allows me to plunk one back in quickly (and find it again just as
quickly);
3. I can use longer and more varied passwords without having to remember them nor go through the hoops of waiting for it to be resent to my email, and then having to click on some link to confirm;
4. If I need to change a password, I just pluck out the card, note the change, and put it back;
5. When I had to cancel one of my email accounts, I was able to whip through the stack of index cards to see which accounts needed updating;
6. It’s cheap and after 10 years the plastic index card holder still looks like new;
7. Its small enough to stash in a locked drawer;
8. Finally, should anything happen to me, my family knows where to retrieve all my passwords to put my affairs in order. That’s a gruesome thought, but a realistic one. Last I checked, no one gets off this planet alive (except astronauts, and only temporarily).
-- C.M. Mayo
Advantus 4 x 6 Index Card Holder, 300 card capacity
$7