Pentagon's e-mail Hacked

         

engine

10:27 am on Jun 23, 2007 (gmt 0)




A hacker has managed to penetrate one of the Pentagon's e-mail systems, leading officials to take up to 1,500 accounts offline.
The e-mail system did not contain classified information relating to military operations, a spokesman said.

The Pentagon says it rebuffs hundreds of attempted attacks on its computer systems each day.

Pentagon's e-mail Hacked [news.bbc.co.uk]

vincevincevince

11:20 am on Jun 23, 2007 (gmt 0)




Very poor. I had expected much better. People in security-critical situations need to think outside of the box instead of trying to secure the box. Don't think about stopping things you don't want, block absolutely everything by not having any connections, and then implement connections which can physically only carry the things which you permit.

Incoming email server? Cut all network lines and physically force the emails to be sent through on custom serial hardware only able to send 7 bit characters and a single control character to start a new message. No matter what hacking you do, 100% of your output will go into an email.

Although, to be honest, I have no idea why the Pentagon is using the email system for anything other than press releases.
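A sketch of the receiving side of the serial link described in the post above, added here as an illustration and not posted by any thread participant. The separator value `0x1E`, the size cap and all function names are assumptions; `serial_link` only models hardware that cannot carry an eighth bit.

```python
# Added illustration; separator value, size cap and names are assumptions.
START_OF_MESSAGE = 0x1E        # assumed: the single control character the link carries
MAX_MESSAGE_CHARS = 64 * 1024  # assumed cap on input characters per message


def serial_link(raw: bytes) -> bytes:
    """Model the 7-bit hardware: the eighth bit physically cannot cross."""
    return bytes(b & 0x7F for b in raw)


def receive(line_bytes: bytes) -> list[str]:
    """Split the byte stream into messages.

    The receiver has exactly two behaviours: start a new message, or append
    a character to the current one. There is no command state to reach.
    """
    messages, current = [], None
    for b in line_bytes:
        if b == START_OF_MESSAGE:
            if current is not None:
                messages.append("".join(current))
            current = []
        elif current is None:
            continue  # line noise before the first start marker is dropped
        elif len(current) < MAX_MESSAGE_CHARS:
            # Printable ASCII, tab, CR and LF pass through unchanged; any
            # other control byte is written out as inert escaped text.
            if 0x20 <= b < 0x7F or b in (0x09, 0x0A, 0x0D):
                current.append(chr(b))
            else:
                current.append(f"\\x{b:02x}")
    if current is not None:
        messages.append("".join(current))
    return messages


# Constructed sample: noise, one ordinary message, then protocol-looking
# text, a NUL, high-bit bytes and a terminal escape sequence.
SAMPLE = (b"junk" + b"\x1e" + b"Subject: hi\r\n\r\nhello"
          + b"\x1e" + b"RCPT TO:<x>\x00\xff\x9b[2J")

if __name__ == "__main__":
    for number, body in enumerate(receive(serial_link(SAMPLE)), 1):
        print(number, repr(body))
```

Whatever arrives on the line ends up as the body of a message; what a downstream mail reader then does with that body is outside this sketch.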

DrDoc

3:25 pm on Jun 23, 2007 (gmt 0)




The Pentagon says it rebuffs hundreds of attempted attacks on its computer systems each day.

Pfft! So do I ... but just because you fend off hundreds of would-be hackers doesn't mean that's an excuse for letting one of them in.

You put an impenetrable server outside your firewall, then lock your firewall to not allow any traffic through from the outside (which means the outside world won't even know the firewall is there). Have the server outside the firewall do nothing but serve as a proxy and spooler ... no account information, nothing.

And, hey, not like you'd be able to do anything with an account anyway, since you can't get on the network from the outside.

Lame lame lame ...