An updated software tool coming Friday will warn you if you include personally identifiable information in your Microsoft Outlook emails.
The Air Force is launching the tool — the Digital Signature Enforcement Tool, or DSET version 1.6.1 — on its main computer network in hopes of reducing accidental breaches.
Last year, the Air Force said in a news release, it tracked about 500 PII breaches over about three months on the Air Force Network, or AFNET. That prompted the service to lock out AFNET users who were inappropriately storing or transmitting PII over the network. PII includes someone's name, address, Social Security number, rank, age, medical records, financial records, or any other data that can be used directly or with other data to identify, contact or locate a person.
A breach can happen during an email exchange — for example, senders may not know that hackers have compromised email transport infrastructure between the sender's desktop and a destination, possibly a desktop that is not on the dot-mil network. Hackers can then mold additional attacks — usually through spear phishing — based on the information they acquire during the intercepted exchange.
The updated DSET tool detects personal information before it is sent out in an email exchange. Now used Air Force-wide, its earlier 1.6.0 version was used by the Air National Guard, Air Force Reserve Command and Air Force Space Command.
DSET will trigger when it detects potential PII in an email, giving the sender the opportunity to delete the information, encrypt the information or override and transmit the email as originally written.
"If PII is identified, DSET will notify the user through a series of pop-up windows," Alonzo Pugh, a cyber business system analyst for the 24th Air Force, said in the release. "This interactivity allows the user to make a conscious decision of how to proceed with the information in question."
If a user must send out any form of PII, encrypting it before hitting send is all that will be necessary, Pugh said. DSET will not generate if the information has already been encrypted through Microsoft Outlook protocols, such as the "protect" feature.
Airmen should be aware that Outlook-encrypted information will only be able to send to dot-mil addresses. If a user attempts to send to outside accounts, DSET and Microsoft Outlook will provide pop-up boxes explaining the sender's options.
