In a one-page memo, Executive Director John James Jr. wrote that in recent months government employees and contractors were detected “engaging in inappropriate use of the MDA network.”
“Specifically, there have been instances of employees and contractors accessing websites, or transmitting messages, containing pornographic or sexually explicit images,” James wrote in the July 27 memo obtained by Bloomberg News.
“These actions are not only unprofessional, they reflect time taken away from designated duties, are in clear violation of federal and DoD and regulations, consume network resources and can compromise the security of the network though the introduction of malware or malicious code,” he wrote.
Individuals identified as violating the rules face referral for “appropriate” disciplinary action, he wrote. They put “their security clearances in jeopardy, and are subject to suspension and removal from federal service or MDA sponsored contracts.”
Agency spokesman Rick Lehner said in an e-mail that the memo was written in response to “a few people downloading material from some websites that were known to have had virus and malware issues.”
“MDA has more than 8,000 employees, and less than a half- dozen were found to have accessed restricted sites or downloaded inappropriate materials,” Lehner said. “MDA has a highly- advanced monitoring system to detect intrusions, access to inappropriate websites, viruses and malware downloads, and it worked as designed, and there was never any compromise of the MDA computer network.”
A government cybersecurity specialist, who spoke on the condition of anonymity because such work is classified, said that many pornographic websites are infected and criminals and foreign intelligence services such as Russia’s use them to gain access to and harvest data from government and corporate computer networks.
“There are great dangers in interacting with any site that has high-quality imagery, whether it’s pornographic or not, or a lot of links,” said Chase Cunningham, chief of cyber analytics at Sterling, Virginia-based Decisive Analytics Corporation, in a telephone interview yesterday.
Using what is called steganography, Cunningham said, a programmer can embed malicious computer code that infects computers, opens ports, steals data or gains access to networks when photos, videos or other files are downloaded.
The Missile Defense Agency is responsible for developing, fielding and upgrading the nation’s ground- and sea-based missile defense programs, working with Japan and Israel, among other nations. Its top contractors are Chicago-based Boeing Co. (BA); Lockheed Martin Corp. (LMT), based in Bethesda, Maryland; Raytheon Co. (RTN) of Waltham, Massachusetts; Falls Church, Virgina-based Northrop Grumman Corp. (NOC); and Orbital Sciences Corp. (ORB) of Dulles, Virginia. The Pentagon is seeking $7.7 billion for the agency in fiscal 2013.
The Pentagon inspector general criticized the agency’s director, U.S. Army Lieutenant General Patrick O’Reilly, for abusive behavior toward subordinates in a May 2 report.
“Witnesses testified that O’Reilly’s leadership style resulted in a command climate of fear and low morale,” the inspector general found. The report was on the inspector general’s website.
In his memo, James reminded employees that the agency’s “network systems are subject to monitoring at all times. Inappropriate usage will be detected and reported to supervisors for appropriate disciplinary action.”
“The seriousness of the potential breach to operations cannot be overstated,” James wrote. “Contracting officers will coordinate action through contractor management when contractor personnel engage in inappropriate usage.”
Lehner denied the memo was intended to intimidate agency employees from reading the IG report.Asian Defence News