U.S. Defense Department to Implement New Email Encryption Standards
Following the saga of Kaspersky and the vulnerabilities in the U.S. Defense System, the department is determined to replace old ways with new standards. By next year (2018), the U.S. Department of Defense will be building and implementing a new security system for all its electronic communication.
The Defense Information Systems Agency (DISA), which is responsible for the safe management of Pentagon emails, will be adopting the STARTTLS encryption protocol to protect emails while in transit. This decision came after criticism from Senator Ron Wyden, Democrat of Oregon, who questioned DISA for not using the STARTTLS protocol, a system that has been in use by the private and commercial sectors for the protection of email communication.
The STARTTLS system has been around for the past 15 years. It takes an existing insecure connection and upgrades it to a secure connection using SSL or TLS, which are the same technology in different versions. TLS is the more advanced version of SSL, and with STARTTLS, the version to use is decided based on software configuration and other details. In a letter to DISA, the Senator emphasized the necessity of using the STARTTLS protocol, saying, “As you may know, the technology industry created STARTTLS fifteen years ago to allow email servers to communicate securely and protect email messages from surveillance as they are transmitted over the internet.”
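How a mail server signals that the upgrade is available, as an added example that is not part of the original article: a server lists STARTTLS among the extensions in its reply to the SMTP EHLO command, and the code below parses such a reply to check for it. The sample replies, host names and function names are constructed for illustration.

```python
import smtplib

# Constructed sample EHLO replies (not captured from any real server).
SAMPLE_WITH_TLS = ("250-mx.example.test Hello\r\n"
                   "250-SIZE 36700160\r\n"
                   "250-STARTTLS\r\n"
                   "250 8BITMIME\r\n")
SAMPLE_WITHOUT_TLS = ("250-gw.example.test Hello\r\n"
                      "250-SIZE 10485760\r\n"
                      "250 8BITMIME\r\n")


def parse_ehlo(reply: str) -> dict:
    """Parse a multi-line EHLO reply into {KEYWORD: parameters}.

    Every line is '<code>-text' (more lines follow) or '<code> text'
    (final line). The first line is the greeting, not an extension.
    """
    lines = [ln for ln in reply.splitlines() if ln.strip()]
    if not lines:
        raise ValueError("empty reply")
    extensions = {}
    for i, line in enumerate(lines):
        code, sep, text = line[:3], line[3:4], line[4:]
        if not code.isdigit() or sep not in ("-", " ", ""):
            raise ValueError(f"malformed reply line: {line!r}")
        if code != "250":
            raise ValueError(f"EHLO not accepted, reply code {code}")
        # Only the final line may lack the '-' continuation marker.
        if (sep != "-") != (i == len(lines) - 1):
            raise ValueError("inconsistent continuation markers")
        if i == 0:
            continue
        keyword, _, params = text.partition(" ")
        if keyword:
            extensions[keyword.upper()] = params
    return extensions


def offers_starttls(reply: str) -> bool:
    """True if the server advertises the STARTTLS extension."""
    return "STARTTLS" in parse_ehlo(reply)


def check_live(host: str, port: int = 25, timeout: float = 10.0) -> bool:
    """The same check against a server you administer (needs network)."""
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        return smtp.has_extn("starttls")
```

A server that does not list the extension, like the second sample, carries the message over the original unencrypted connection.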
With this criticism, DISA has finally decided to take on the STARTTLS protocol, as Maj. Gen. Sarah Zabel, Vice Director of DISA, informed the Senator in a letter where she wrote, “DISA is actively working an acquisition to upgrade the email gateways that will allow us to take advantage of evolving capabilities for email protection.”
The Pentagon had been making use of the Public Key Infrastructure, which is a pretty effective security system. However, the Senator insists that DISA make use of a basic, widely-used technology. He stressed the importance of the system, saying, “until DISA enables STARTTLS, unclassified email messages sent between the military and other organizations will be needlessly exposed to surveillance and potentially compromised by third parties.”
One would wonder why DISA has been reluctant to use the STARTTLS technology if it’s so popular and secure. Shouldn’t it be obvious that DISA would benefit from it? Gizmodo acquired a letter in late April of 2017 that gives the answer to this obvious question. In the letter, DISA made it clear that they did not use the protocol because it would “interfere with the ability to inspect each email it was sent for malicious software, phishing attempts, and other exploits. In fact, DISA rejects over 85% of all DoD email traffic coming from the Internet.” This essentially means that DISA painstakingly monitors every email coming to them, sorting them out according to the kind of threat posed. Despite this regulated effort, email remains a dangerous threat to the Defense Department, and it is high time they adopted a default safety protocol such as STARTTLS in combination with other standards.
This may also mean that the department will be investing in new technologies, infrastructure, and equipment in order to support the STARTTLS protocol, as the department claims that its technology is antiquated. Leaked emails, conspiracies and voter fraud, which have been making the rounds in the news for the past year, have posed a significant challenge for the Defense Department.
Senator Wyden expressed his concern over the lack of security in electronic communication, saying, “Far too long, many of the unclassified email messages sent and received by members of the military have been left vulnerable to surveillance by foreign governments and hackers.” With this, the Senator also calls for the rapid execution of the project instead of taking an entire year.