Logo

American Security Council Foundation

Back to main site

Alan W. Dowd is a Senior Fellow with the American Security Council Foundation, where he writes on the full range of topics relating to national defense, foreign policy and international security. Dowd’s commentaries and essays have appeared in Policy Review, Parameters, Military Officer, The American Legion Magazine, The Journal of Diplomacy and International Relations, The Claremont Review of Books, World Politics Review, The Wall Street Journal Europe, The Jerusalem Post, The Financial Times Deutschland, The Washington Times, The Baltimore Sun, The Washington Examiner, The Detroit News, The Sacramento Bee, The Vancouver Sun, The National Post, The Landing Zone, Current, The World & I, The American Enterprise, Fraser Forum, American Outlook, The American and the online editions of Weekly Standard, National Review and American Interest. Beyond his work in opinion journalism, Dowd has served as an adjunct professor and university lecturer; congressional aide; and administrator, researcher and writer at leading think tanks, including the Hudson Institute, Sagamore Institute and Fraser Institute. An award-winning writer, Dowd has been interviewed by Fox News Channel, Cox News Service, The Washington Times, The National Post, the Australian Broadcasting Corporation and numerous radio programs across North America. In addition, his work has been quoted by and/or reprinted in The Guardian, CBS News, BBC News and the Council on Foreign Relations. Dowd holds degrees from Butler University and Indiana University. Follow him at twitter.com/alanwdowd.

ASCF News

Scott Tilley is a Senior Fellow at the American Security Council Foundation, where he writes the “Technical Power” column, focusing on the societal and national security implications of advanced technology in cybersecurity, space, and foreign relations.

He is an emeritus professor at the Florida Institute of Technology. Previously, he was with the University of California, Riverside, Carnegie Mellon University’s Software Engineering Institute, and IBM. His research and teaching were in the areas of computer science, software & systems engineering, educational technology, the design of communication, and business information systems.

He is president and founder of the Center for Technology & Society, president and co-founder of Big Data Florida, past president of INCOSE Space Coast, and a Space Coast Writers’ Guild Fellow.

He has authored over 150 academic papers and has published 28 books (technical and non-technical), most recently Systems Analysis & Design (Cengage, 2020), SPACE (Anthology Alliance, 2019), and Technical Justice (CTS Press, 2019). He wrote the “Technology Today” column for FLORIDA TODAY from 2010 to 2018.

He is a popular public speaker, having delivered numerous keynote presentations and “Tech Talks” for a general audience. Recent examples include the role of big data in the space program, a four-part series on machine learning, and a four-part series on fake news.

He holds a Ph.D. in computer science from the University of Victoria (1995).

Contact him at stilley@cts.today.

Despite FBI Warning, US Military, Government Workers Still Using Zoom

Friday, April 10, 2020

Categories: ASCF News Emerging Threats Cyber Security

Comments: 0

U.S. military and government employees continue to use the popular videoconferencing application Zoom for official business, despite FBI warnings about privacy and security issues, an action experts fear is increasing the risk of government data breaches.  

Zoom has seen a surge in activity during the coronavirus pandemic as office workers across the country have turned to the free app to quickly arrange video calls with dozens of participants. 

The federal government has been no different, despite an FBI announcement April 1 that hackers could exploit weaknesses in videoconferencing software systems like Zoom to “steal sensitive information, target individuals and businesses performing financial transactions, and engage in extortion.”  

The security concern is much greater than “Zoom bombing”  attacks reported by users whose chats have been infiltrated by hackers shouting profanities or posting lewd images. 

Experts say the teleconferencing app may introduce security risks not only during government employees’ Zoom sessions, but to data that resides on government computers.  

“If there are vulnerabilities, the app can jeopardize the security of data on the computer on which it is installed, or even potentially on other computers on the same network,” Joseph Steinberg, a leading cybersecurity expert and the author of Cybersecurity for Dummies, tells VOA. “Such vulnerabilities have been discovered — and more may exist.” 

Zoom CEO Eric Yuan said in an April 1 blog post that the company was freezing work on new features to focus on fixing its privacy and security problems.   

In the meantime, VOA reporting shows that Zoom remains one of the most popular videoconferencing applications for U.S. government employees from the Pentagon to Capitol Hill, not all of whom are aware of its potential risks.  

"I'm not aware of any issues with Zoom,” a senior official in the Office of the Joint Chiefs of Staff told a small group of reporters a day after the FBI guidance was issued. 

The U.S. defense official said he was using Zoom to videoconference amid the need to social distance, but when pressed by VOA about the potential security risks, the official added that every discussion his team had while on Zoom was “at the unclassified level." 

Government employees can use Zoom for Government, a paid tier service that is hosted in a separate cloud authorized by the Federal Risk and Authorization Management Program. It is unclear, however, how many government employees have differentiated between the two services thus far. 

To date, Zoom remains on the approved list of mobile phone applications for U.S. Department of Defense employees, according to multiple officials. 

However, one senior defense official said the Pentagon was currently looking into “guidance adjustments” for the application. 

Multiple employees at the State Department have also been using Zoom for official business. One staff member said he and his colleagues have daily Zoom meetings and have not received any guidance against using the app for internal and external communication. 

Assistant Secretary of State for Political-Military Affairs R. Clarke Cooper last week tweeted about his department’s use of a “Zoom Room.” 

The State Department sent an email to employees Thursday morning saying that the free version of Zoom "is not authorized for the conduct of official business or on official Department devices used to access OpenNet." It told employees to use Cisco Webex, FAN Google Meet, Microsoft Teams or Skype for Business.  

"While the Government version of Zoom may be reviewed for Department adoption in the future, Zoom has been approved for use on Dedicated Internet Networks (DIN)," the email said.  "In light of new security concerns, the Bureau of Information Resource Management office of Information Assurance (IA) will take a fresh look at this and address any cybersecurity concerns that may exist."  

On Capitol Hill, a U.S. lawmaker’s office insisted that VOA use Zoom for an interview, despite the FBI warning. The lawmaker’s press secretary told the reporter that there would not be security issues because the meeting was password protected. 

A Zoom spokeswoman told VOA Zoom takes user security “extremely seriously.”  

“A large number of global institutions ranging from the world’s largest financial services companies, to leading telecommunications providers, government agencies, universities and others have done exhaustive security reviews of our user, network and datacenter layers and confidently selected Zoom for complete deployment,” a Zoom spokesperson said Thursday. 

While various parts of the U.S. government have yet to restrict Zoom use, U.S. tech giant Google has banned the popular videoconferencing software from its employees’ devices.   

Last week, Google sent an email to employees citing Zoom’s “security vulnerabilities” and warning the videoconferencing software on employee laptops would cease working.  

Germany’s Foreign Ministry has also restricted the use of Zoom, allowing it only on fixed connection computers, rather than mobile devices after concluding the app’s software had “critical” weaknesses, according to media reports Wednesday. 

Concerns of Chinese cybertheft  

Scott Stewart, vice president of Stratfor's Threat Lens and a former diplomatic security service special agent, told VOA a “good portion” of Zoom’s development team is in China, and the videoconferencing company’s failure to use end-to-end encryption could allow an employee under pressure by the Chinese government to access and share private conversations.  

Defense Secretary Mark Esper has repeatedly said maintaining a military advantage over China is the Pentagon’s “highest priority,” and for years top military officers have warned of China’s use of forced technology transfer, intellectual property theft and cyber-espionage to expand their military capabilities. 

Steinberg told VOA he would not recommend Zoom use on military or government computers. 

“Other apps are more time tested,” he said. 

Photo: Zoom logo is seen in front of diplayed coronavirus disease (COVID-19) in this illustration taken March 19, 2020.

https://www.voanews.com/silicon-valley-technology/despite-fbi-warning-us-military-government-workers-still-using-zoom

Comments RSS feed for comments on this page

There are no comments yet. Be the first to add a comment by using the form below.