Wake up to Mike Allen’s AM, the 10 stories driving your day

Stories

The rule-free world of federal officials' personal accounts

Social media account icons with locks over them
Illustration: Rebecca Zisser/Axios

Federal agencies have no security requirements for federal employees' personal social media accounts —leaving the door open to mischief and mayhem should one of those accounts get hacked.

Why it matters: Officials and federal employees often blur the lines between personal and official-business accounts — as when the president announces policy from his personal Twitter account. If hackers took over the account of, say, a regulatory official, they could manipulate the stock market by tweeting regulatory changes. If they took over the account of the president, anything might go.

"Social media, especially the lack of a policy, has become a real national security threat," said James Foster, founder and CEO of ZeroFOX, a company specializing in social media security.

  • The effects could be geopolitical as well as financial. "We crossed a threshold. It was not common more than a year ago for world leaders to tweet at each other."
  • Tweets are different from TV statements: Foster notes that conflicts on social media escalate much faster than those on TV, as back and forth exchanges accelerate.

How to fix it: Foster advocates extending the social media policies governing official accounts to any personal account mentioning an individual's federal role. Those policies are not particularly complex. Typically, they involve two factor authentication, good password hygiene and securing email addresses tied to the account.

Why there's no policy: Tony Scott, formerly President Obama's federal CIO and currently senior data privacy and cybersecurity adviser at Squire Patton Boggs, told Axios the administration had weighed the problem but decided against acting.

  • “This is an important issue and was certainly discussed during my tenure in the last two years of the Obama administration," said Scott. "The consensus at that time was that regulating personal social media accounts for government officials was not advisable, and our main focus was on the official government accounts maintained by the various agencies and officials."
More stories loading.