The Pentagon Goes to War Against Personal Email Accounts

The Department of Defense may block access to commercial web-based email. This could also end up ensuring that no young, smart person wants to work there.
March 23, 2016, 4:55pm
Photo via Wikimedia Commons

On Thursday evening last week, the Pentagon killed email.

Or rather, the US Defense Information Systems Agency, at the request of the US Cyber Command, blocked access to commercial, web-based email servers — like Google's Gmail, Yahoo, and so on — on its unclassified internet network, for all of its personnel in what it calls the "National Capital Region," or the area in and around Washington. This may seem like a run-of-the-mill issue; after all, large corporations and bureaucracies block access to some electronic function or the other all the time, mostly for maintenance reasons.

But the Pentagon outage lasted 48 hours, barring access to web-based email services on the Non-Classified Internet Protocol Router, known as NIPR or NIPRnet. This was in response to widespread phishing attacks, according to Jeffrey Capenos, a Defense Information Systems Agency spokesperson.

In other words: If you worked for the US Department of Defense, you would not have had access to any web-based email communications for two days. And that's a big problem for a giant bureaucracy that wants to attract more young people to fight the cyberwars it sees in the United States' future.

Secretary of Defense Ash Carter and the Department of Defense as a whole are trying to grapple with a resurgent Russia, rising China, and radical extremists throughout the Middle East and Asia. Those efforts include a vast cyber-warfare component.

Major initiatives already underway include outreach to tech companies and Silicon Valley as a whole, and a host of new personnel and hiring reforms. The decision to bar access to personal web-based email accounts is going hurt these efforts, as it may help ensure that no tech-literate millennial ever wants to work for the Department of Defense, which relies on an increasingly old workforce that hit drinking age when the Cold War (the real one, not today's rehash) was still happening.

The DoD is doing the exact opposite of what, for example, Hillary Clinton did during her tenure as Secretary of State, when she avoided using official email and relied instead on a personal account hosted on a private server. At the Pentagon, there has already been some discussion about making the ban on web-based personal email permanent.

But the problem isn't just the security of servers. It's also the people using them and possibly doing stupid things, like clicking on bad links or opening sketchy attachments, is already a huge source of grief for Pentagon computers. Which gets to the core problem of most cybersecurity: an old computer science term, "PEBCAK" (meaning Problem Exists Between Chair And Keyboard).

Related: Pentagon Responds to Russian Hacker Breach by 'Showing a Little Leg'

Some of the most successful "cyberattacks" were really more successful con jobs than anything else, working on hacking the user, rather than the computer. Thus, a huge portion of cybersecurity is basically trying to prevent dumb users from doing dumb things.

The Pentagon has already admitted to security breaches in the past, possibly from PEBCAK-related issues on its non-classified Internet, so this isn't a new kind of problem, or one likely to go away soon. Banning access to web-based email may help solve that problem, but also buy the Pentagon another one. People in general, and especially the more tech-savvy it needs to attract, feel an increasing need to be constantly connected. But the more connected people and computers are to one another, the greater chance that information will leak or be otherwise compromised. (Couldn't employees with smartphones, i.e. pretty much everybody, just use them to do their emailing? In theory, yes. But just try to get a cell phone signal inside the Pentagon.)

In much of the developed world, but especially the US, debates over privacy, freedom, and security are in full swing. And the Pentagon is no different. There are now several generations of workers who fully expect to have open personal communication channels while at work, in exchange for which they'll keep a line of work-related communication open around the clock. How that will play out with the Pentagon's legitimate security precautions is unclear, but it may end up causing the Department of Defense an entirely new kind of headache.

Follow Ryan Faith on Twitter: @Operation_Ryan