Pentagon Cut Off Access to Personal Email to Fight Malicious Messages

Pentagon officials last week cut off employee access to private webmail after a malicious, pervasive email campaign was spotted.

Employees could not log on to commercial webmail services from the military's network for about 48 hours beginning Thursday night, according to the Defense Department. The Defense Information Systems Agency, which operates the Department of Defense Information Network, severed connections, by direction of U.S. Cyber Command.

Defense restored access over the weekend.

"The decision to temporarily block commercial webmail services was a result of a recent, widespread phishing effort," agency spokesman Jeffrey Capenos told Nextgov in an email Wednesday.

He declined to comment on whether the adversaries disrupted or compromised any systems, but said the agency routinely fights well-resourced threats.  

"Given any indicators of suspicious activity," Pentagon cyber pros have systematic procedures in place and, "as appropriate, mitigate malicious activity, confirm network security and integrity, and further harden defenses," Capenos said.

"DOD cyber forces counter thousands of adversarial cyber efforts daily, and in the highly contested domain of cyberspace, we remain focused on aggressively preventing, mitigating and maintaining resilience against increasingly sophisticated efforts," he said.

The military was rattled by a successful targeted "spearphishing" attack last summer. In July, hackers tricked Joint Staff personnel into opening emails that helped a nation state, reportedly Russia, penetrate a Pentagon unclassified network.

Defense has documented that "social engineering" incidents aimed at duping personnel into revealing information rose from 182 to 290 in 2015, according to an annual White House report on information security compliance released March 18. The military scored 15 percent on its "anti-phishing" protections against emails and websites that solicit sensitive information.

On Tuesday afternoon, top military brass told lawmakers their reflexes are fast when faced with early signs of secret-stealing emails.

Last summer's phishing episode "was caught very quickly," Pentagon Chief Information Officer Terry Halvorsen said at a House Armed Services subcommittee hearing on the defense budget. The military "had very limited exposures."

After examining the volume of incoming email traffic and the number of employees who clicked on the malicious ones, the numbers show great improvement compared to past events, he said.

As for accountability, after identifying the employees who clicked, "in some cases we did some remediation" and in other cases, where it appeared personnel had adhered to proper security hygiene, the department conducted more training, Halvorsen said.

"We are certainly holding people accountable to a higher standard now," he said. A recent  “cybersecurity culture and compliance memo” holds "individual command-level" officials responsible for security lapses, he added.