He United States Department of Defense and Microsoft Corp. are investigating a bug that exposed at least a terabyte of military emails including personal information and conversations between officials, people familiar with the matter said. This episode highlights the security risk involved in moving sensitive data from the Pentagon to the cloud.
(Also: China rejected a call from the Pentagon chief on the day the balloon was shot down)
The Pentagon’s Cyber Command has taken the lead in the investigation with Microsoft, which operates the Azure cloud computing service that stored the data. The information on a US Special Operations Command server could be accessed without a password, the people said, requesting anonymity as the information has not been released publicly.
Investigators still have no sign that the exposed data was accessed, but were still evaluating the consequences of the leak, the people said. A US Cyber Command spokesman declined to comment, but said defensive cyber operators scan and mitigate the networks they manage.
The emails contained conversations between Pentagon officials, as well as completed SF-86 forms, which government employees must complete to obtain security clearances, according to screenshots of the emails shared by Anurag Sen, an independent security researcher who discovered the leak.
(Also: NASA and Pentagon develop nuclear-powered rocket to travel to Mars)
The incident was first reported Tuesday by TechCrunch. The exposure may have resulted from a configuration error with Microsoft’s server that left it accessible to the public, two of the people said. They had different analyzes on who was at fault, one said it was from a Pentagon employee and another from Microsoft.
The leak will bring new scrutiny to the Pentagon’s push to move much of its data into commercial cloud computing. On February 15, the Pentagon’s inspector general issued a report saying agency staff “may not be aware of vulnerabilities and cybersecurity risks” related to storing data in the cloud.
The leak may also complicate Microsoft’s bids for future government contracts.. Microsoft is one of four companies, along with Alphabet Inc., Oracle Corp., and Amazon.com Inc., that the Pentagon has selected to compete for orders under a potential $9 billion cloud computing contract. Microsoft initially won an earlier contract worth $10 billion, but it was canceled after a legal challenge from Amazon.
Microsoft took a hit last month after Congress rejected the Army’s request for $400 million to buy up to 6,900 Microsoft combat goggles, which were found to cause headaches, eyestrain and nausea.
Bloomberg
More news at eltiempo.com
#Pentagon #Microsoft #investigate #military #email #leak