The US Pentagon Has Numerous Security Gaps

The Pentagon has 266 cyber security exposures and vulnerabilities that have not been attended to or secured in recent years. These significant problems in the Pentagon’s IT systems have put it at risk of hacks and data theft.

The Defense Department published the report on January 9th and it reveals that a number of these issues have been a problem for at least 10 years.

However, the Defence Dept.’s IT Auditors also found that other areas of the IT systems had been security and penetration tested and were working very well.

But there remain unaddressed IT issues, some more than a decade old, that should have been addressed in the Defense Department’s networks, according to the Defence Department’s internal ombudsmen. These 266 cyber insecurities had already been highlighted in a number of reports between July 2017 and June 2018 and some of these IT problems go back over a decade to 2008.

The auditors said that many of the problems exist because the IT and cyber monitoring and management policies were not very effective.

The unclassified reports identified improvements in the asset management, information protection processes and procedures, identity management and access control, and security continuous monitoring. The DoD has taken action to strengthen its cybersecurity posture by implementing actions to address 19 of the 159 recommendations made in those reports. In particular, the DoD needs to continue focusing on managing cybersecurity risks related to governance, asset management, information protection processes and procedures, identity management and access control, security continuous monitoring, detection processes, and communications. 

The largest number of weaknesses identified in this year’s summary were related to governance, which allows an organisation to inform its management of cybersecurity risk through the policies, procedures, and processes to manage and monitor the organization’s regulatory, legal, risk, environmental, and operational requirements.

“Without proper governance, the DoD cannot ensure that it effectively identifies and manages cybersecurity risk as it continues to face a growing variety of cyber threats from adversaries, such as offensive cyberspace operations used to disrupt, degrade, or destroy targeted information systems.”

The auditors explain that a series of issues have been ignored and have not been tackled over the previous years. The department has not done enough to comply with the cybersecurity framework developed by the National Institute of Standards and Technology. The Defense Contract Management Agency has not properly trained its cyber specialists so that they receive the required certifications.

“Without adequate controls … the department cannot ensure that all of its systems, devices, personnel, and vulnerabilities are identified and managed,” auditors wrote.

The Defence Department has now begun work to upgrade all IT systems so as to assist the Agency when it needs to address cyber threats and attacks. This is not a subject that only affects the US Department of Defence, and if other governments did an independent audit of their IT systems they would also find significant issues that have not been addressed.

News By CSI:
