Scrawled in ink at the bottom of the memo, Secretary of Defense James Mattis’ warning could not be clearer: “Be alert!”
In the lineage of warnings like “loose lips sink ships,” Mattis warned Department of Defense employees in a memo to “remain vigilant” in a world where secrets can fall into the hands of digital intruders, coming after a series of high-profile data breaches that has embarrassed America’s top defense officials.
For the estimated 2 million Defense Department employees, the secretary’s warning served as more of a pep-talk than a crash course in digital security. “There can be no complacency,” the memo warned. “Vigilance is our best defense” against losing sensitive data, it added.
Of course, there are already virtual reams of regulations that the department’s officials are expected to follow when it comes to handling America’s most tightly held secrets. The National Institute of Standards and Technology’s publications can be as comprehensive as they are tedious.
But the memo’s timing is auspicious.
Chinese hackers stole “massive amounts of highly sensitive data related to undersea warfare” from a Navy contractor, the Washington Post reported June 8, The episode is one of the most publicized raids on American digital secrets at the hands of a foreign government in recent memory.
On June 20, lawmakers appear to have been briefed on the hack. Rep. Adam Smith, D-Wash., lashed out at the military for its lack of cyber preparedness.
“It was shocking how disorganized, unprepared and, quite frankly, utterly clueless the branch of the military was that [it] had been breached,” Smith said during a hearing on June 21. “Even in this day and age, we still have not figured out how to put together a cyber policy to protect our assets.”
And baked into the secretary’s memo appears to be at least one other reference to a high-profile breach of sensitive Defense Department information.
“Protect your health, biometrics and financial information,” Mattis warned in the memo, which was written seven months after sensitive military outposts were revealed using data from the Strava fitness app.
While Mattis’ memo did not address the alleged China hack or Strava incident by name, it was clear-eyed regarding the consequences for poor cyber hygiene.
“The potential consequences of compromised data could be serious, not just for you and your families, but for the readiness and resiliency of this department.”
Justin Lynch is the Associate Editor at Fifth Domain. He has written for the New Yorker, the Associated Press, Foreign Policy, the Atlantic, and others. Follow him on Twitter @just1nlynch.