The Pentagon, known for guarding some of the world's best-kept secrets, is surprisingly still not using an encrypted email service, which could expose a trove of military data to potential hackers.
The Defense Information Systems Agency (DISA), the Pentagon's branch that oversees digital communications, has failed to adopt an encrypted email service, according to a letter from Senator Ron Wyden, who warned the agency about taking such a risk. DISA is responsible for providing email services to the Army, Navy, Marines and the Coast Guard.
"I am concerned that DISA is not taking advantage of a basic, widely used, easily enabled cybersecurity technology," Wyden wrote in the letter, obtained by Motherboard.
In 2015, suspected Russian hackers launched a cyberattack on the Pentagon, leaving the data of nearly 3,500 military personnel and civilians vulnerable to exposure.
"Until DISA enables STARTTLS (to take an insecure connection and upgrade it to a secure one) for unclassified email messages sent between the military and other organisations, we will be needlessly exposed to surveillance and potential compromise by third parties," says Wyden.
The agency refused to comment on the matter, but did say that it will formally respond to the Senator's letter.
Currently the FBI, NSA, CIA, the Director of National Intelligence and the Department of Homeland Security have enabled email encryption for their servers. Major technology giants like Facebook, Google, Microsoft and Twitter also use encryption-based email services.
What is STARTTLS?
STARTTLS adds a layer of encryption on top of the standard email protocol, so that emails are encrypted as they travel from one email server to another. Both your email provider and the recipient's provider have to support STARTTLS for the email to be protected along the whole path. If either one does not, the email will be open to access midway.
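To make the "both sides have to support it" condition concrete, here is an added example (not part of the original article) that reads the SMTP dialogue for one server-to-server hop and reports whether the message went out under TLS. The transcripts and hostnames are constructed, and `classify_hop` is a hypothetical helper name.

```python
# Constructed SMTP transcripts for one server-to-server hop.
# "C:" is the sending server, "S:" the receiving server; hostnames are placeholders.
BOTH_SUPPORT = [
    "S: 220 mx.example.net ESMTP",
    "C: EHLO mail.example.org",
    "S: 250-mx.example.net",
    "S: 250-STARTTLS",               # receiver advertises the extension
    "S: 250 8BITMIME",
    "C: STARTTLS",                   # sender asks to upgrade the connection
    "S: 220 Ready to start TLS",     # TLS handshake follows this reply
    "C: EHLO mail.example.org",      # re-sent inside the TLS session
    "S: 250 mx.example.net",
    "C: MAIL FROM:<alice@example.org>",
]
# Receiver never advertises STARTTLS, so the sender has nothing to upgrade to.
RECEIVER_LACKS = [l for l in BOTH_SUPPORT[:5] if "STARTTLS" not in l] + BOTH_SUPPORT[-1:]
# Receiver advertises it, but the sender goes straight to MAIL FROM.
SENDER_LACKS = BOTH_SUPPORT[:5] + BOTH_SUPPORT[-1:]


def classify_hop(transcript):
    """Report whether the message on this hop was sent under TLS."""
    offered = tls_active = False
    last_cmd = ""
    for line in transcript:
        side, _, text = line.partition(": ")
        if side == "C":
            last_cmd = text.split()[0].upper()
            if last_cmd == "MAIL":  # envelope starts: protection state is now fixed
                if tls_active:
                    return "encrypted"
                return "plaintext: " + ("sender did not use STARTTLS" if offered
                                        else "receiver did not offer STARTTLS")
        else:
            code, keyword = text[:3], text[4:].split(" ")[0].upper()
            if last_cmd == "EHLO" and code == "250" and keyword == "STARTTLS":
                offered = True
            elif last_cmd == "STARTTLS" and code == "220":
                tls_active = True
    return "no message sent"


if __name__ == "__main__":
    for name, t in [("both support", BOTH_SUPPORT),
                    ("receiver lacks", RECEIVER_LACKS),
                    ("sender lacks", SENDER_LACKS)]:
        print(name, "->", classify_hop(t))
```

The result covers a single hop only; a message relayed through several servers is protected end to end only if every hop classifies as encrypted.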