What a wonderful case of “Do as I say…not as I do”.  The realistic labor and cost implications of information security have alluded the federal government for far too long.  DHS clearly does not grasp practical IT management.  There is no sound argument as to why basic blocking and tackling has not been performed.  DHS has a huge target on its back.  It must lead this fight for US government agencies and not hide from it.

https://www.infosecurity-magazine.com/news/us-dhs-slammed-for-infosecurity/