Author: Dell Cameron / Source: Gizmodo
One year from now, the U.S. Department of Defense (DoD) expects to implement a new infrastructure to increase security around the way it communicates electronically, Gizmodo has learned.
The Defense Information Systems Agency (DISA), which manages the Pentagon’s email systems, says it intends to adopt, by default, STARTTLS, an encryption protocol designed to prevent the interception of email messages in transit. “DISA is actively working an acquisition to upgrade the email gateways that will allow us to take advantage of evolving capabilities for email protection,” wrote Maj. Gen. Sarah Zabel, vice director of DISA, in a letter this week addressed to Senator Ron Wyden, Democrat of Oregon.
In late March, Wyden sent a letter to DISA inquiring as to why the Pentagon had not already enabled STARTTLS, as it is widely used by default throughout the federal government and in the private sector to protect email communications. “As you may know, the technology industry created STARTTLS fifteen years ago to allow email servers to communicate securely and protect email messages from surveillance as they are transmitted over the internet,” Wyden wrote.
The senator added that while the Pentagon uses various other systems to protect classified and unclassified messages—such as Public Key Infrastructure (PKI), which allows for the encrypted transfer of data at DoD, as well as to and from its defense industry partners—Wyden was “concerned that DISA is not taking advantage of a basic, widely used, easily-enabled cybersecurity technology.” He continued: “Indeed, until DISA enables STARTTLS, unclassified email messages sent between the military and other organizations will be needlessly exposed to surveillance and potentially compromised by third parties.”
It appears, however, that surveillance was at least one reason why DISA had not enabled STARTTLS already. In a…