Obama warns of U.S. weaknesses on cybersecurity

Hackers are targeting the White House, and the U.S. government still has much to learn from its IT security mistakes, the president said.

(Photo credit: Drop of Light / Shutterstock.com)

President Barack Obama, shown here on the Poland leg of his recent NATO trip, warned about cybersecurity readiness. (Photo credit: Drop of Light / Shutterstock.com)

President Barack Obama told a European audience that hackers have targeted the White House and that officials must do more to secure their communications.

"I think we're going to have to do better and learn from mistakes" in protecting government information from hackers or unauthorized disclosure, Obama said July 10 during a press conference in Madrid, Spain. "Some of it will have to do with how we train personnel from the very top -- how I use my smartphone or BlackBerry all the way down to the lowest-level staffer."

"We know we've had hacking in the White House," he added, and training government officials to follow sound IT security practices "will be a work in progress."

A group of former federal officials has given Obama a mixed scorecard on cybersecurity. The former officials said in May that his administration has done a good job of making cybersecurity relevant to top agency officials but could have instilled accountability earlier on and done more to follow through on the policy recommendations it received.

On July 9, Obama said he was concerned about the findings of an FBI investigation that the State Department has a lax IT security culture. During a NATO summit in Poland, he said the era of big data has put enormous pressure on the State Department to classify and protect sensitive information. That boom in data has also challenged agencies to keep up with Freedom of Information Act requests, and Obama added that legislation he recently signed would help in that regard.

"Across government, you're seeing this problem, and it's a problem in terms of domestic affairs," he said. "It becomes an even bigger problem when you're talking about national security issues."

FBI Director James Comey announced last week that the bureau would not recommend criminal charges against Hillary Clinton for her use of a private email server while secretary of State. Nonetheless, he delivered a searing critique of the Democratic presidential candidate's handling of classified information.

Comey also said his investigation uncovered "evidence that the security culture of the State Department in general, and with respect to use of unclassified email systems in particular, was generally lacking in the kind of care for classified information found elsewhere in the government."

State Department spokesman John Kirby objected to that characterization and told reporters last week, "We don't share that assessment of our institution." However, a recent State Department inspector general report supports Comey's assessment.

The report, which covered the last five secretaries of State, found that "systemic weaknesses related to electronic records and communications have existed within the Office of the Secretary that go well beyond the tenure of any one secretary of State."

Comey might have closed his case on Clinton's email practices, but his assessment of State's IT security shortcomings could have staying power. Last week, Rep. Mike Pompeo (R-Kan.) sent a letter to Secretary of State John Kerry, among other officials, asking Kerry what steps he has taken "to address this lax security culture at the State Department."