The Department of Defense (DoD) is urging other U.S. government agencies, members of the defense industrial base (DIB), and international partners to take measures to avoid typos that could inadvertently expose sensitive military information to unintended email recipients.
In a May 23 memo – made public on Friday – former DoD Chief Information Officer (CIO) John Sherman addressed the department’s ongoing typographical challenge, involving typos that confuse the .ml and .mil domains.
These mistakes could redirect emails intended for DoD (.mil) recipients to unintended recipients on Mali’s .ml domain, potentially resulting in unauthorized disclosure of Controlled Unclassified Information, Sherman explained.
“While this type of unauthorized disclosure is different from intentional and illegal disclosure of classified materials, the Department still takes very seriously all kinds of unauthorized disclosures of Classified National Security Information or Controlled Unclassified Information,” Sherman wrote.
Therefore, he explained, the DoD is calling on Federal agencies, international allies, and the DIB to “exercise vigilance and take policy and technical measures to prevent typographical errors that could result in unauthorized disclosures.”
Additionally, the department implemented technical controls to block DoD network emails to the entire .ml domain, with exceptions made for legitimate emails on a case-by-case basis.
Sherman stepped down from his post as DoD CIO at the end of last month. David McKeown, the deputy CIO for cybersecurity and chief information security officer, was listed as the department’s point of contact for these typographical errors.