Just 1 Out of Every 7 Emails The Pentagon Gets Is Legit

Of 700 million emails sent to DOD accounts monthly, about 98 million are actually “good emails,” an official says.

Hate checking your email inbox every day?

It could be worse: You could be one of the 1.6 million users on Pentagon email systems where only one in seven of the more than half a billion monthly emails received are actually legitimate.

The rest are a mixture of malicious password phishing attempts, chock full of viruses, or the bane of modern humanity’s existence: spam.

“Out of 700 million emails we’ll get in a month, only about 98 million are actually good emails,” said Lt. Gen. Alan Lynn, director of the Defense Information Systems Agency, speaking at a Washington, D.C., area event Wednesday hosted by Defense Systems.

“The rest,” he said, “are spam and worm attacks.”

Lynn made the point when discussing whether the Defense Department will seek to transition its unclassified email to the cloud. DOD released a memo earlier this month seeking feedback from industry experts and stakeholders as it assesses how best to drive email costs down. Cost reduction is the biggest driver for the Pentagon’s future move, Lynn said, but security remains paramount – a fact he’d like commercial providers to be aware of.

“Industry gets excited about [cloud] until I tell them there’s a risk,” Lynn said. “We get attacked a lot. There’s a risk associated with that.”

The Pentagon has been evolving its cloud security requirements and cybersecurity policies in recent years as it looks toward a shared-services approach to information technology across DOD referred to as the Joint Information Environment.

Cloud computing figures to play a major role in the Pentagon’s implementation of the JIE. According to the Pentagon’s principal deputy chief information officer, David DeVries, who also spoke at the event, 19 DOD cloud consumers are migrating sensitive unclassified workloads to secure commercial cloud platforms, while three initial implementations are already operational.

Email could be next. If so, the potential cloud and email provider better have good security and spam filters.