I've noticed that many .gov email addresses just relay to gmail. I assume or hope it's at least business accounts and I hope they require 2FA at least. This has mostly been state .gov addresses that I have experienced gmail bounces, errors and such but there probably needs to be an extensive audit done for all .gov email addresses to see what is being relayed or routed where and which of those emails are encrypted and have the correct government classification headers for gov-to-gov emails. That should give DOGE something to do.
FYI, the US National Oceanic and Atmospheric Administration (NOAA) runs on GSuite/Google Workspace. Both PIV and WebAuthn are used for MFA. I've never seen anything there that wasn't simply unclassified, but for communications that need extra layers of encryption/DLP, they also have Kiteworks.
Nice they have DLP. Have they configured it to analyze or look for classification headers and are there teams that will reach out to violators and politely re-educate them?
> Waltz had “potentially exploitable information” sent to his Gmail, such as his schedule and other work documents
Says nothing about him sending information from the account
Goes on to say one of his aides "used Gmail for more sensitive material, such as discussing military positions and weapons systems" which is pretty vague as far as accusations go