While the subject line specifically pertains to the email challenge for Clinton's campaign the pattern is the same. Say nothing until forced to, assume a disengaged electorate will forget, or not care to begin with, then crank out the next "talking point" all on her terms.
Very detailed histories of a persons family, including SSN's, were part of the heist via Form SF-86. Being a longtime defense department contractor whose security clearance details were likely compromised I am pissed. The forms included personal info from friends gracious enough to vouch for my veracity as a trusted agent for the US government. We were expected to protect paper and electronic copies of this form as we would other sensitive data. The joke appears to be on us.
If the number of affected users, via SF86 forms, is as large as reported the implications are enormous. These clearance request forms contain detailed information about the applicant, extended family, references, etc. Fingerprints just ice the cake.
They have doctrine in place in the Security Technical Implementation Guide (STIG), a DISA product, but that would require DHS to exercise best practices and lessons learned levied on other branches of the government. You know, learn from others mistakes, and improve.
Possibly off-topic but now that I am a very seasoned tech worker facing retirement starting investing in your future literally is my vote. There is nothing like time and compound interest so new grads, setup and contribute to that saving plan (401k, 403b). Pay yourself first, you will not regret it.
Back in the 60's I lived on the US naval base in Guantanamo Bay Cuba and our water source was a desalination plant. Extra water was stored in a old ship anchored in the bay. The climate there is similar to SoCal, arid and mountainous. Sounds like a reasonable approach to take and should it rain stored desalinated water would provide a backup plan, which they need.
Ms. Clinton can use her private server for anything personal anytime she wants. Her government business, especially cabinet level correspondence, must originate from a state.gov address. During my work for the DoD email messages had to be digitally signed with a government issued smart card (CAC) to provide authenticity. It's a tenant of best practices. I can't imagine the State Department not adhering to the same standard of security when doing the people's business.
US Department of Defense. Before everyone tosses the healthcare.gov example as typical government failure, my experience as a DoD IT worker for the past 27+ years does not support that example. I currently work with a top tier group of virtualization engineers, any of which a corporation or startup would be fortunate to have on their payroll.