[_wp3r]

Couple of considerations.

There are technical reasons that SIPR and JWICS communications are more secure than a private server. Mostly related to air-gaps and physical key infrastructures.

Secondly, the correspondence in review is internal and not so much related to the external communication role of the SoS. In this specific circumstance, the SoS chose to forgo the security apparatus for internal classified communication for something more user friendly.

[Retric]

An air gap would mean her private email could not reach computers on SIPR and JWICS which implies the SOC's email is not on those networks.*

*baring some sort of store and forward.

[_wp3r]

You are exactly right. Those systems are closed loop for a reason. The store/forward in this specific case was most likely a human, with a scanner or just retyping documents from those networks on to a unclass network and then sending to the private address. How that is not deliberate we will never know.