U.S. Military Must Step Up Top Brass Training to Thwart Phishing
NEWS ANALYSIS: A quick training session after a network breach is a good idea, but the Joint Chiefs of Staff need to apply military practices to solving their phishing problem.When the offices of the Joint Chiefs of Staff at the Pentagon were hacked three weeks ago, the hackers, who were apparently from Russia, harvested a trove of unclassified but sensitive data. What happened is that those hackers managed to launch a phishing attack against one or more people at the JCS and were successful in at least one case. Fortunately, it wasn't long before cyber-security systems discovered them in the Pentagon's unclassified mail system and shut the system down. Shutting the system down limited the damage and ensured that no more information would be extracted until security personnel could determine exactly how the hackers had gotten in and what information they'd taken. They're still working on that. Meanwhile, The Wall Street Journal reports that JCS personnel received a one-hour training session on what a phishing attack is and how to avoid one. Such a training session is probably a good thing since it's important to help the staff understand the problem. But for an organization that's handling our country’s sensitive national defense information, one has to wonder if that's all they're going to get.
A little background: When someone talks about an unclassified email system, to the outsider it sounds as if this is an email system that's used for setting up lunch meetings and discussing this week's failure of the Washington Nationals’ bullpen. To some extent that's true, but an unclassified email system is much more than that.