The Department of Defense and Microsoft Corp. are looking into an incident that made the emails of military personnel, along with personal information and conversations between officials, visible to the public. This occurrence has put a spotlight on the security of shifting sensitive Pentagon information to the cloud. People who know the matter have reported exposure to at least a terabyte of emails.
The Pentagon’s Cyber Command is spearheading the inquiry with Microsoft, the organization that runs the Azure cloud computing service where the data was stored. According to individuals who asked to remain anonymous because the information had not been made public yet, no password was required to access the U.S. Special Operations Command server.
According to investigators, no indication has yet been found that the divulged data was accessed. However, they are still attempting to evaluate the leak’s consequences, as the people noted. A US Cyber Command speaker refused to make any remarks but noted that defensive cyber operators inspect and reduce the impact on networks they manage.
In the initial phases of assessing the allegations of emails being exposed, Sabrina Singh, a spokeswoman at the Pentagon, declared to the press that “it is not our policy to comment on the safety of our systems.”
An independent security researcher, Anurag Sen, discovered the leak and shared screenshots of the emails, which contained conversations between Pentagon officials and had already filled-out SF-86 forms, which are mandated to be filled out by federal employees to receive security clearances. This incident was reported earlier Tuesday by TechCrunch.
The people familiar with the matter had differing opinions on what caused the exposure, with one indicating a configuration error by Microsoft’s server, leaving it open to the public. At the same time, the other said a Pentagon employee was responsible.
The Pentagon’s effort to shift its data into commercial cloud computing will likely come under closer observation following the revelation of the leak. On Feb. 15, the Pentagon Inspector General released a report claiming that the agency’s personnel may need to be cognizant of the potential security vulnerabilities and risks associated with storing data in the cloud.
The breach may be complex as Microsoft attempts to obtain future contracts from the government. It is one of four businesses, including Alphabet Inc., Oracle Corp., and Amazon.com Inc., chosen by the Pentagon to contend for orders under a possible $9 billion cloud-computing contract. Microsoft had initially been awarded an earlier contract worth $10 billion; however, that was revoked after a legal challenge by Amazon.
Last month, Microsoft encountered a setback as Congress denied the Army’s proposition for an expenditure of $400 million to acquire up to 6,900 of their combat goggles, which had been observed to cause headaches, eyestrain, and queasiness.
Read the full DoD report here.
COMMENTS
There are on this article.
You must become a subscriber or login to view or post comments on this article.