The Supreme Court of the United States (SCOTUS) has announced that its investigation to find the insider who leaked a draft opinion of the Dobbs v. Jackson Women’s Health Org. decision to media outlet Politico has come up empty.
In a nutshell, the court’s insider risk management program, designed to protect the information the justices handle on a daily basis, failed—and failed miserably. Frankly, based on the findings of the report, the court’s insider risk management program—if it existed—was anemic at best.
The investigation, detailed in a 23-page report released on January 19, indicates that the court’s methodology was judged to be thorough by Michael Chertoff of the Chertoff Group, who was asked to review the marshal of the court’s investigative results.
Basic security protocols were not in place
Chertoff’s recommendations speak volumes about the state of affairs of the information security arena within SCOTUS and every CISO will recognize that what should have happened was basic blocking and tackling (or infosec 101):
- Restrict the distribution of hard copy versions of sensitive documents.
- Restrict email distribution for…
