The Department of Defense has issued new guidance on the use of the popular videoconferencing application Zoom following a week-old FBI warning about security issues and a VOA report Thursday that military and government employees had continued to use the app.
In an email to VOA on Friday, a Pentagon spokesman said, “DOD users may not host meetings using Zoom's free or commercial offerings.”
The spokesman said the new guidance permits use of Zoom for Government, a paid tier service that is hosted in a separate cloud authorized by the Federal Risk and Authorization Management Program, when videoconferencing about “publicly releasable DOD information not categorized as ‘For Official Use Only.’ ”
It was unclear, however, how many government employees have differentiated between the two services to date.
“Just because senior leadership enacts a policy does not automatically mean that everyone in every corner of an organization immediately gets the word,” a defense official said.
Rise in popularity
Zoom has seen a surge in activity during the coronavirus pandemic as office workers across the country have turned to the free app to quickly arrange video calls with dozens of participants.
The federal government has been no different, despite an FBI announcement April 1 that hackers could exploit weaknesses in videoconferencing software systems like Zoom to “steal sensitive information, target individuals and businesses performing financial transactions, and engage in extortion.”
The security concern is much greater than “Zoom bombing” attacks reported by users whose chats have been infiltrated by hackers shouting profanities or posting lewd images.
Experts say the teleconferencing app may introduce security risks not only to government employees during Zoom sessions but also to data that reside on government computers.
“If there are vulnerabilities, the app can jeopardize the security of data on the computer on which it is installed, or even potentially on other computers on the same network,” Joseph Steinberg, a leading cybersecurity expert and the author of Cybersecurity for Dummies, told VOA. “Such vulnerabilities have been discovered — and more may exist.”
Some unaware of risks
VOA reporting after the FBI warning on April 1 showed that Zoom remained a popular videoconferencing application for U.S. government employees from the Pentagon to Capitol Hill, not all of whom were aware of its potential risks.
A Zoom spokeswoman said Thursday that Zoom takes user security “extremely seriously.”
“A large number of global institutions ranging from the world’s largest financial services companies to leading telecommunications providers, government agencies, universities and others have done exhaustive security reviews of our user, network and datacenter layers and confidently selected Zoom for complete deployment,” the spokeswoman said.