After all that America’s been through over the course of the last two years with online hacking, one would assume that in 2017, every one of the U.S. government agencies would be taking the necessary measures involved in assuring their communications are protected by basic encryption technology. One would especially assume this was the case after Motherboard found out they were failing to do so back in 2015. Well, if you assumed any of this, you would be wrong because (according to Motherboard) the Defense Information Systems Agency (“DISA”) is still not up to snuff in regards to protecting itself from outside entities. Hell, they may not even put a piece of tape over their webcam for all that we know. Even we know to do that.
Motherboard used an online tool to test if the DISA, the government’s branch that oversees email through the mail.mil service was properly protecting date. They were not, and it royally pissed off Sen. Ron Wyden (D-Oregon):
“I am concerned that DISA is not taking advantage of a basic, widely used, easily-enabled cyber security technology,” Wyden wrote in the letter to DISA, which was obtained by Motherboard. “Indeed, until DISA enables STARTTLS, unclassified email messages sent between the military and other organizations will be needlessly exposed so surveillance and potentially compromise by third parties.”
In response to Wyden’s letter, DISA declined to comment:
“DISA did receive Senator Wyden’s letter and is in the process of providing a formal response back to the senator,” a DISA spokesperson said in an email. “As such, we will not comment further until Senator Wyden is provided that response.”
The STARTTLS Wyden mentions in his letter is an online tool a company can use to transform an existing insecure connection into a secure one. The tool protects emails that up until recently were completely exposed while in route from server to server. According to Motherboard, the FBI, NSA, CIA, the Director of National Intelligence and the Department of Homeland Security have all adopted it, but DISA has yet to meet the industry standards. After getting busted for the second time, you can be sure DISA is looking into re-upping their subscription or at least updating their Norton anti-virus software.
(Via Motherboard)