The Defense Department employs multiple methods of blocking internet advertisements because of the threats that malicious ads pose, the Pentagon said in a letter Monday.
The department’s answer to a summer inquiry from Sen. Ron Wyden, D-Ore., follows similar responses from the intelligence community in which agencies said they rely on ad-blockers as a security measure. In January, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency also urged federal agencies to block ads because of the potential for malicious activity.
“Yes, the Defense Information Systems Agency (DISA) has deployed various technologies to protect against online-advertising related malware and data collection threats,” wrote Kelly Fletcher, who’s currently serving in the role of DOD’s chief information officer. “Web content filter and Sharkseer tools block bad traffic that traverses our internet access points and Cloud Based Internet Isolation (CBII) also isolates all traffic, including ads.”
While the letter didn’t specify when DOD began blocking ads, the department rearranged funding in 2019 for DISA to take over the Sharkseer program from the National Security Agency. Sharkseer uses artificial intelligence to scan incoming traffic for threats. DOD is still migrating users to CBII, which seeks to protect them when they visit nongovernmental sites.
Malvertising, in which hackers inject malware into digital ads, showed signs of declining in 2020. But estimates routinely place the cost from malvertising to online advertisers at approximately $1 billion annually.
For mobile users, Fletcher wrote in the letter, the department has provided advice in a recently updated telework interactive training.
“Specifically, for government-issued mobile devices, DISA deployed a Mobile Threat Detection capability on each device that monitors the device, network, and applications for malware and other threats that could use online advertising as an attack vector,” she said.
Fletcher said that DOD has also distributed guidance to contractors, who must comply with National Institute of Standards and Technology guidelines on protecting information.