Pentagon Shuts Down Email Network After Suspicious Activity
On July 29, part of the DoD’s email network was shut down after ‘suspicious activity’ was discovered on its systems. This non-classified email network was used by Army General Martin Dempsey and other members of the U.S. military’s Joint Staff.
Lieutenant Colonel Valerie Henderson stated that:
“We continue to identify and mitigate cybersecurity risks across our networks. With those goals in mind, we have taken the Joint Staff network down and continue to investigate.”
The Pentagon has not released details on the type of event being investigated, but confirmed that the shutdown was initiated by the DoD and was not directly the result of malicious activity.
Late in 2014, U.S. State Department officials similarly disclosed they had taken an unclassified email system offline as a precaution following an unauthorized access event, joining a growing list of federal agencies that had recently disclosed network breaches.
Officials said they had observed “activity of concern” on the systems around the same time period that the White House had reported a similar incident on its unclassified systems, as did the U.S. Postal Service (USPS) and the National Oceanic and Atmospheric Administration (NOAA).
In February of this year, after three months of working to secure the unclassified email system, the State Department was still unable to expel the attackers and lock down the network, according to sources with knowledge of the investigation.
The USPS had to disable employee VPN access to its networks and suspend telecommuting in the wake of a substantial data breach, but did allow staff to resume remote work after deploying security enhancements.
NOAA reported they were the subject of a serious unauthorized intrusion in late September of last year, but officials had given no notice that a security incident had taken place until late in October.
NOAA spokesman Scott Smullen released a statement at the time saying that the agency began incident response immediately upon learning of the system breach, but declined to provide any more details as an investigation was underway.
The timeline of these events could be indicative of a coordinated effort by attackers to probe federal systems looking for vulnerabilities that could be exploited at a later date, and it would not be surprising if other government entities have also suffered security events that have yet to be disclosed publicly, if ever.