I knew some folks who worked military communications and they broke rules regularly because senior officers just didn't want to walk across the street to do something secure...
There is a serious problem with folk with power and authority and somehow no responsibility.
That's across government, service and corporate.
Or perhaps the fundamental problem is with people in general - perhaps people without power and authority follow rules only because they don't have the power and authority to ignore them.
Power corrupts because power means you can be corrupt.
I feel for my American friends, and hope they never again optimise their government for comedy value.
> Something every single soldier and officer learns is that the entire department was previously called the Department of War. It was repackaged after WW2 as the Department of Defense when invading countries half-way around the world began being sold to the public as 'defense.'
This is a weirdly common belief, but it is not true. Up through WWII, the US had two cabinet level military departments, instead of the current one. Those two departments were the Department of War, under which was the Army, and the Department of the Navy, under which was the Navy and Marine Corps.
This was changed by two laws in the late 1940s. The first, the National Security Act of 1947, among other things:
* Split the Air Force and Army from each other, splitting the Department of War into two new cabinet-level Departments, the Department of the Army and the Department of the Air Force.
* Created an additional cabinet level Secretary of Defense to coordinate the combined military structure, which it called the National Military Establishment.
This was followed by the National Security Amendments Act of 1949, which:
* removed the Secretaries of the Army, Navy, and Air Force from the Cabinet and formally subordinated them to the Secretary of Defense
* renamed the National Military Establishment (which was frequently referred to by the inconveniently-pronounced, for its role, initialism NME) the Department of Defense (which combined with the preceding point is the source of the unusual departments-within-a-department structure of the DoD.)
The Department of War did once exist, but it was never a name for the same thing as the Department of Defense. It was one of two coequal entities that were subsumed by the National Military Establishment, the only reason it still doesn't exist as a subordinate entity within the NME, now DoD, like the Department of the Navy does is that it was split in two.
It's only in 1947 and later that somehow invading countries half-way around the world and shipping weapons to anybody with a buck began being framed as 'defense' or somehow saving the world from whatever - tyrant, terror, communism, burdens of oil, and so on. So in many ways I think it would be far more apt to say that 'Department of Defense' is the cutesy name. They're not defending anything - nukes and geography take care of that, more or less, on their own.
[1] - https://en.wikipedia.org/wiki/United_States_Department_of_Wa...
No, what became the Department of Defense didn't exist from 1789 until 1947. The cabinet level Department of the Navy (current Department of the Navy) and the cabinet-level Department of War (later split into the current Department of the Army and Department of the Air Force) did, as separate, co-equal entities with no single civilian head over them beneath the President.
The National Military Establishment under the cabinet-level Secretary of Defense was created as a unified military structure in 1947 over both the Department of the Navy (which remained a cabinet-level department) and what had been the Department of War (which was split into the cabinet-level Departments of the Army and the Air Force). And in 1949 the three service departments were fully subordinated within the NME instead of being cabinet level, and the NME was renamed the Department of Defense (probably not entirely because it was really awkward having the combined military organization use an initialism that sounded like “enemy”, but...)
More detailed version in https://news.ycombinator.com/item?id=46825849
You have things like WW1 being framed (at the time) as 'The War to End All Wars' but I think that was probably naivete whereas after we started calling war 'defense' we entered into the era of 'police actions' instead of wars, like the Korean War, and outright false flags such as the Gulf of Tonkin Incident for Vietnam. All the while the CIA was running around acting like a rabid chimp all across the world. It was entering into an era where deceiving the public became standard operating procedure, of which framing war as defense was but one typical aspect.
I believe we are now leaving that era, and I think that is a good thing for everybody.
No, from 1789 to 1947 there were two separate cabinet-level departments, War and Navy.
> It's not like it had the same structure, or anything remotely like it, in 1942 as in 1789
Internal to the two cabinet-level departments? Probably not.
At the cabinet level? There was exactly the same structure: the Department of War with the Army underneath it and the Department of the Navy with the Navy and Marine Corps.
The War Department did not become the Defense Department. In 1947 War was split into Army and Air Force, and a fourth cabinet secretary, the Secretary of Defense was added, heading the combined National Military Establishment that was created over both what had been the War Department and what still was the Navy Department (all still cabinet level departments). In 1949, the three service secretaries (two of which headed parts of what had been the War Department) were formally subordinated to the Secretary of Defense and the NME was renamed the Department of Defense. The Department of War was direct predecessor to the Departments of the Army and Air Force, not the Department of Defense, which was a new level of coordination interposed between the President and the formerly organizationally-separated services.
accidentally based
> Madhu Gottumukkala was born in Andhra Pradesh, India
I mean, they are all using O365 to run their day-to-day businesses anyway.
I used to work in a large technology multinational - not "tech industry", but proper industrial technology; the kind of corp that does everything, from dishwashers to oil rigs. It took nearly a year from OpenAI releasing GPT-4 to us having some form of access to this model for general work (coding and otherwise) internally, and from what I understand[0], it's just how long it took for the company to evaluate risks and iron out appropriate contractual agreements with Microsoft wrt. using generative models hosted on Azure. But they did it, which proves to me it's entirely possible, even in places where people are more worried about accidentally falling afoul of technology exports control than insider training.
--
[0] - Purely observational, I had no access to any insider/sensitive information regarding this process.
Damn. I forgot to read the article.
It's not a cookie law — it's a privacy law about sharing personal data. When I know your SSN and email address, I might want to sell that pairing to 1668 companies and I have to get your "consent" for each.
>In December 2025, Politico reported that Gottumukkala had requested to see access to a controlled access program—an act that would require taking a polygraph—in June. Gottumukkala failed the polygraph in the final weeks of July. The Department of Homeland Security began investigating the circumstances surrounding the polygraph test the following month and suspended six career staffers, telling them that the polygraph did not need to be administered.[12]
So the guy failed a polygraph to access a highly controlled system full of confidential information, and the solution to that problem was to fire the people in charge of ensuring the system was secure.
We're speed running America into the ground and half the country is willfully ignorant to it happening.
The UK uses them for post-conviction monitoring in certain offenses: https://www.gov.uk/government/publications/police-crime-sent... ...and there's more than one British polygraph group: BPA and BPS (https://www.britishpolygraphassociation.org/, https://polygraph.org.uk/)
Australia did indeed reject the polygraph for security clearance: https://antipolygraph.org/blog/2006/10/19/australian-securit...
Canada however does seem to use it as part of their intelligence screening: https://www.canada.ca/en/security-intelligence-service/corpo...
> Do I have to go through the polygraph test to join CSIS?
> Yes. All CSIS employees must obtain a Top Secret security clearance and the polygraph is a mandatory part of the process.
Seems to be the same for CSE and to get "Enhanced Top Secret" clearance.
Back to the US, the Department of Labor says that private employers can't force people to undergo a polygraph test: https://www.dol.gov/agencies/whd/polygraph But of course this does not apply to public sector jobs, where it's used more pervasively.
I do realize this scholastic achievement is not an indication he knows what he is doing.
Anyway what he did makes it abundantly clear that this person should not be head of security for anything.
It's a person reliability test and he failed it.
I'm pretty pessimistic about the future with LLMs, but I can't see it being a net positive for humanity in the long run.
It looks like he requested and got permission to work with "For Unofficial Use Only" documents on ChatGPT 4o - the bureaucracy allowed it - and nobody bothered to intervene. The incompetence and ignorance both are ridiculous.
Fortunately, nothing important was involved - it was "classified because everything gets classified" bureaucratic type classification, but if you're CISA leadership, you've gotta be on the ball, you can't do newbie bullshit like this.
You're assuming the planted lackey has any knowledge of these tools.
In many industries, this would be a rapid incident at the company-level and also an immediate fireable offense and in some governments this would be a complete massive scandal + press conference broadcasted across the country.
Not an insider just to be clear here so maybe just really bad luck. But no benefit of doubt for the third strike.
I swear this government is headed by appointed nephews of appointed nephews.
I keep thinking back about that Chernobyl miniseries; head of the science department used to run a shoe factory. No one needs to be competent at their job anymore
> [ChatGPT] is blocked for other Department of Homeland Security staff. Gottumukkala “was granted permission to use ChatGPT with DHS controls in place,” adding that the use was “short-term and limited.”
He had a special exemption to use it as head of Cyber and still got flagged by cybersecurity checks. So obviously they don't think it's safe to use broadly.
They already have a deal with OpenAI to build a government focused one https://openai.com/global-affairs/introducing-chatgpt-gov/
More likely, everything gets added to the list because there shouldn't be false positives, it's worth investigating to make sure there isn't an adjacent gap in the security systems.
I presume pulling this data out is simple if you’re, say, China.
There's really no security to investigate. Without a private instance, it’s an absolute non-starter for anything classified.
Why would you presume that?
30 years in about 8 software companies, Northern Europe. Often startups. Between 4 to 600 people. When they grow large the work often turns boring, so it's time to find something smaller again.
You haven't worked in enough companies then.
Just for the sake of argument, you think anybody would have denied Jobs or Bezos or Musk one?
(Extreme burnout, did not get rich from the pain. It was just pointless destruction.)
Give sound advice of course, but ultimately it’s the exec’s decision to make.
Case in point: Allowing a CEO with no flight training to "have the keys" to the company <rare, expensive, uniquely outfitted, airframe> because they want to take it for a spin.
Shepherding Royalty in Monarchies has been a necessary, delicate, loaded, and life threatening role for centuries.
Being a C-suite Groom of the Stool isn't a happy job, but somebody has to do it.
To be clear, I’m referring much more to CEO/owners - maybe more like Zuck than Bezos
> To be clear, I’m referring much more to CEO/owners
Owners are what you are talking about. CEO / Owners are Owners and can act like owners.
That said, even owners need to be herded like cats when they are making bad decisions that impact tens of thousands of people on the basis of hubris and feels.
Somebody has to toss them shiny keys until the moment passes and they can make rational choices again.
The CEO of Coca-Cola has no business need to know the secret formula. Giving it to him has no upside only downside, so you don’t.
Semiconductor does this all the time…engineers on team A know only about their process critical gate materials step. Engineers on team B know about their lithography step. They are trained not to disclose and people respect that.
I mean, I don't know if he had a security exemption, or if anyone who clicked on it would have infected us. But he was the weak link, at least in that instance.
Dig up a live mic catching Hillary calling the IOC a bunch of self-serving scum just as Obama was begging them to award the 2016 Olympics to Chicago, and we might call it comparable.
Don't forget the Large Adult Sons!
https://www.newyorker.com/culture/cultural-comment/the-land-...
That's actually the whole point. Placing incompetents in positions of authority means they know absolutely to whom they owe their loyalty. Because they know they would never have that job on merit. And since they don't really know how to do the job, they have no moral qualms about doing a poor job, or strong opinions on what they should be doing -- other than whatever mission their patron has given them. It's a tool used by weak leaders and it's unfortunately very effective.
Make the government look so incompetent that it is a no brainer to let a private company (headed by your friends and family of course) to do the important jobs and siphon resources much more effectively.
No joke, the previous head of the State Department task force tasked with fighting corruption and nepotism in international contracting was named Rich Nephew. (He's a very talented career civil servant and I mean no shade I just find that hilarious.)
Any time you have to include "competent" in a description of a job or related technology, that's a clue that it needs requisite oversight and (possibly exponential) proportionate cost.
That is of course the thing about ideologies like it: loyalty before all else.
The entire Trump administration, every single person, is a DEI hire.
But, even though that's what DEI can be, not all "someone got a gig not because of ability" is DEI. Cronyism, racism, and sexism all do that, too.
In the case of this administration, I think the traditional term is "yes men" - people who are hired not for ability, but because they will not say no to the boss.
If the reality of a thing is in opposition to the regime’s wishes, you can’t just wish that away.
However, the regime will favor those who say “yes” over those who accept reality.
I once read an interesting book on the economy of Nazi Germany. There were a lot of smart CEOs and high ranking civil servants who perfectly predicted US industrial might.
If we loosen "fascist" to just mean any authoritarian government, there are many that run for a very long time.
More importantly, maybe the Nazis were competent at first, but they absolutely fell apart internally due to mistrust, back stabbing, and demanding of loyalty above all else. Hitler famously made many poor military decisions.
And as a government they'd still be in power 20 and 30 years later if they didn't start the war (judging from Franco's Spain).
I hear Los Alamos labs has an LLM that makes ChatGPT look like a toy. And then there's Sentinel, which may be the same thing I'm not sure.
Care to say more about that?
Apparently he was in fact allocated on a top secret project at Los Alamos and his expertise was alternative propulsion, but everything else is folklore, but it is deep folklore if you're interested in conspiracy theories
In the old days people were saying: "I have no secrets" and now we evolved into "I know how to not upload important docs" ;)
edit: Just in case, in the company I currently work at, compliance apparently signed off on this with only a rather slim type of data verboten from upload.
> have you ever misused drugs?
and I doubt I'd be able to resist the response:
> of course not, I only use drugs properly.
also I wouldn't lie, because that would undermine the purpose. Still sad I can't apply for SC jobs because I'm extremely patriotic and improving my nation is something that appeals.
[0] https://web.archive.org/web/20170218040331/http://www.dod.mi...
Why would you give an answer when by your own statement, you're not knowledgeable? What a strange mindset.
>I believe you still have to have not used drugs in the prior year.
My own experience does not agree with this speculation.
Can you clarify your own experience to help the OP?
That said I can confirm that a few years back a friend who had previously used/experimented with a wide variety of substances (EDM scene, psychs), had no trouble getting a clearance.
They disclosed all of it, said they weren't currently using it and wouldn't for as long as they were in the job role, passed the drug test, and that was fine.
That said, to add to the "lying is a bad idea" point: I believe some of their references were asked about if they'd ever known that friend to have a dependency + if they were aware of any current/very recent use.
> no
and keep the rest of it in your head.
We're not talking about sneaking into a concert or something low-stakes, the security of our nation is the foundation of our very civilization. I have dual citizenship of a nation that borders Russia and was once the USSR, so I appreciate the stakes of worst case scenarios because one of my nations was under that boot rather recently.
> do you misuse drugs
is very much asking for the information about my drug use. So it was asked for.
[0] https://www.dhs.gov/archive/news/2024/12/17/dhss-responsible...
He graduated from Andhra University with a bachelor of engineering in electronics and communication engineering, the University of Texas at Arlington with a master's degree in computer science engineering, the University of Dallas with a Master of Business Administration in engineering and technology management, and Dakota State University with a doctorate in information systems.
And he still manages to make a rookie mistake. Time to investigate Mr. Gottumukkala's credentials. I wouldn't be surprised if he's a fraud.
It's sycophancy plain and simple. Surround yourself with only yes-men, it ends up becoming less and less competent as the ones who stand up and say no are replaced.
Even if they know better, they can't do better because they know there is no loyalty to nay-sayers.
It's the "market can remain irrational..." problem.
It's yet another broken feedback loop.
It's not uncommon for incompetent people to be put in positions of power. Because they are incompetent, competent but malicious people take advantage of this and commit actual crimes.
This is where actual conspiracies show up. And that is the incompetent powerful people cover up said crime to avoid looking incompetent.
It is an extremely common pattern.
DT has had a long history of operating like a mafia boss where the design of the people he chooses around him is to put scapegoats on when the criminal activities he's involved in are caught.
Or when the previous admin leaked classified Iran attack plans from the Pentagon, so bad that they didn't even know whether they were hacked or not.
You can at least pretend to make a technical argument over a political one.
Isn’t that the fault of the ISPs, not the admin?
From [0]: “Last year almost a dozen major U.S. ISPs were the victim”, “the intruders spent much of the last year rooting around the ISP networks”, “telecom administrators failing to change default passwords”, “Biden FCC officials did try to implement some very basic cybersecurity safeguards, requiring that telecoms try to do a better job securing their networks”. Per the original topic, the article goes on to explain how the Trump admin destroyed those little security steps.
I’m okay with some both-sidesing of bad opsec, but I think you’re incorrect on the blame in this story, and to the extent it is the government’s responsibility, the Trump II response was worse than the Biden’s.
[0] https://www.techdirt.com/2025/11/07/trump-cybersecurity-poli...
It's the worst U.S. government leak of all time, by far.
What do you consider a compromise of integrity if not a hacking of political campaigns?
Also, please clarify whether the 2016 DNC hack is an exemption to your prior answer so I can weigh your bias.
In fact the only people questioning it are conspiracy-minded people who don't know that there are robust methodologies to detect election fraud.
For example, this wasn’t just “oops, I used the wrong number” but Hegseth getting a custom line run into a secure facility so he could use a personal computer of unknown provenance and security:
https://www.nytimes.com/2025/04/24/us/politics/hegseth-signa...
That’s one of the reasons why one of the first moves they made was to fire CISOs and the inspectors general who would normally be investigating serious policy violations.
This isn’t “big government”, it’s the attitude that the law is a tool used to hurt their opponents and help themselves but never the reverse.
https://www.apa.org/topics/cognitive-neuroscience/polygraph
> Reviews of decades of scientific research suggest that polygraph tests are not reliable or accurate enough to be used in most forensic, legal or employment settings.
> Although lying can cause the physiological responses measured by polygraph machines—such as sweating and increased heart rate—those same changes can occur even when people are not lying, for example when they are nervous.
He was the 'CTO' of South Dakota and later the CIO/Commissioner of the South Dakota Bureau of Information and Telecommunications under governor Kristi Noem.
Edit: (From a European perspective) it seems like the southern states really took over the US establishment. I hadn't really grasped the level of it, before.
It's good to know the Americans aren't the only ones who never look at maps outside their own country
It seriously got me laughing. Thanks.
At least I know where your country is located.
Now, let me quiz you on the geographical locations of French regions? Or perhaps Finnish regions, if that's something you work closer with, day-to-day?
;)
https://en.wikipedia.org/wiki/Madhu_Gottumukkala
> In April 2025, secretary of homeland security Kristi Noem named Gottumukkala as the deputy director of the Cybersecurity and Infrastructure Security Agency; he began serving in the position on May 16. That month, Gottumukkala told personnel at the agency that much of its leadership was resigning and that he would serve as its acting director beginning on May 30.
Are the US ok? It's 2026 not 1926
Don’t give RFK Jr ideas.
This is pretty insane though.
> On Tuesday, Gov. Kristi Noem announced Gottumukkala's appointment as CIO. In a statement, she said he will prioritize the state’s citizens, their data and government service delivery.
https://www.govtech.com/workforce/south-dakota-governor-appo...
This issue is the one thing that gives me some hope that they can be ousted -- they are collectively too stupid and motivated only by their self interests to hold their power indefinitely.
So it means, a DLP solution, browsers trusting its CA and it silently handling HTTP in clear-text right?
Productivity and efficiency are key for their work. I am sure there are lots of Sysadmins here, that had to disable security controls for a manager or had to configure something in a way to circumvent security controls from actually working. I have been in many situations where I have been asked by IT colleagues if doing something like that was fine, because an executive had to read a PowerPoint file NOW.
Execs are just as stupid as your average person and bypassing security controls for them puts an organization at an even greater risk due to the kinds of information they have access to. They just get away with it because they’re in charge.
DOGE/Musk, noem, Kash, hegseth, etc.
You bring in vendors and they need guest wifi to give you a demo, you need to be able to give them something to connect to but you don't want that pipe to be unmonitored.
But also, how was it caught in the first place? Was it automatically flagged because content scanners automatically identified this as a concern, or was his account specially flagged for extra monitoring because of who he is?
As the post above says: on managed devices, there can be an enforced VPN that monitors all traffic coming and going and, while it's at it, strips out the encryption, looks inside the packets, and applies heuristics like: what is the host domain, is it from a known LLM site, is it a POST message sending data, and does the text of that data have a string matching "INTERNAL USE ONLY". I assume something like this.
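The heuristic described in the comment above (known LLM host, a request that sends data, a handling marking in the body), written out as an added example; it is not code from the thread or from any DLP product. The host watch-list, the marking patterns and the sample request are assumptions constructed for illustration, and the sketch goes one step past the comment by decoding JSON, form and gzip bodies before matching, since a raw byte search misses markings split by escaped characters.

```python
import gzip
import json
import re
import zlib
from urllib.parse import parse_qsl

# Assumed watch-list of LLM front ends; a real deployment maintains its own.
LLM_HOST_SUFFIXES = ("chatgpt.com", "openai.com")
# Handling markings, tolerant of case and of the separator between words.
MARKING_RE = re.compile(
    r"\b(?:internal|for[\W_]+official)[\W_]+use[\W_]+only\b|\bFOUO\b", re.I)


def parse_request(raw):
    """Split one decrypted HTTP/1.1 request into method, headers, body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return lines[0].split(" ", 1)[0].upper(), headers, body


def is_llm_host(host):
    """Match on label boundaries so notopenai.com does not hit openai.com."""
    host = host.split(":", 1)[0].lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in LLM_HOST_SUFFIXES)


def strings_in(value):
    """Yield every string value inside a decoded JSON document."""
    if isinstance(value, str):
        yield value
    elif isinstance(value, (dict, list)):
        for item in (value.values() if isinstance(value, dict) else value):
            yield from strings_in(item)


def body_text(headers, body):
    """Undo encodings that would hide a marking from a raw byte search."""
    if "gzip" in headers.get("content-encoding", "").lower():
        try:
            body = gzip.decompress(body)
        except (OSError, EOFError, zlib.error):
            pass  # not valid gzip: scan the bytes as sent
    text = body.decode("utf-8", errors="replace")
    ctype = headers.get("content-type", "").lower()
    if "json" in ctype:
        try:
            return "\n".join(strings_in(json.loads(text)))
        except ValueError:
            return text
    if "x-www-form-urlencoded" in ctype:
        return "\n".join(v for _, v in parse_qsl(text, keep_blank_values=True))
    return text


def inspect(raw):
    """Return the matched marking when all three heuristics fire, else None."""
    method, headers, body = parse_request(raw)
    if method not in ("POST", "PUT", "PATCH") or not is_llm_host(
            headers.get("host", "")):
        return None
    hit = MARKING_RE.search(body_text(headers, body))
    return hit.group(0) if hit else None


def build(method, host, ctype, body, extra=""):
    """Assemble a constructed sample request (not captured traffic)."""
    head = f"{method} /x HTTP/1.1\r\nHost: {host}\r\nContent-Type: {ctype}\r\n"
    return (head + extra + "\r\n").encode() + body


# Constructed sample: the marking is split by a JSON-escaped newline.
JSON_BODY = json.dumps({"content": "Summarise:\nFOR OFFICIAL USE\nONLY"}).encode()
UPLOAD = build("POST", "chatgpt.com", "application/json", JSON_BODY)

if __name__ == "__main__":
    print(repr(inspect(UPLOAD)))
```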
But when the chief does it, it's an oopsie poopsie "special exemption".
> Once again, if you or I did this, it's federal crime and federal time.
For a single incident? I doubt it. And, you need to show (criminal) intent. We still have no idea if this was accidental. To be clear, before this incident, he looked like just another senior IT admin. I still see it that way.
Guys... we're talking about FOUO. Not even low-level classified. This is a nothingburger. The toilet paper you wipe with is FOUO, there is essentially no document in the government that isn't at least FOUO.
That said, IIRC For Official Use Only is the lowest level of classification (note not classified) it's not even NOFORN. It's even multiple levels below Sensitive But Unclassified.
So, who cares?
Much more significant is he failed the SCI/full poly... that means you lied about something. Yes I know polys don't work, but the point of the poly is to try to ensure you've disclosed everything that could be used against you, which ideally means no one could flip you or manipulate you. The functional part is to determine if you have anxiety about things you might try to hide, because that fear can be used against you. No fear/anxiety, or nothing you're trying to hide means you're harder to manipulate.
That feels bad even ignoring the whole hostile spies kinda thing.