The US Pentagon Has Numerous Security Gaps

Uploaded on 2019-01-23 in GOVERNMENT-Defence, FREE TO VIEW, NEWS-Cybersecurity News

The Pentagon has 266 cyber security exposures and vulnerabilities that have not been attended to or secured in recent years. These significant problems in the Pentagon’s IT electronic systems have put the Pentagon at risk of hacks and data theft.

The Defense Department published the report on January 9th and it reveals thet a number of these issues have been a problem for a least 10 years.

However, the Defence Dept.’s IT Auditors also found that other areas of the IT systems had been security and penetration tested and were working very well.

But for more than a decade old, there remains unaddressed IT issues that should have been addresses in the Defense Department’s networks, according to the Defence Department’s Internal ombudsmen. These 266 cyber insecurities had already been highlighted in a number of reports between July 2017 and June 2018 and some of these IT problems go back over a decade to 2008. 

The Auditors said that a lot of the problems are because the IT and cyber monitoring and management policies were not very effective. 

The unclassified reports identified improvements in the asset management, information protection processes and procedures, identity management and access control, and security continuous monitoring. The DoD has taken action to strengthen its cybersecurity posture by implementing actions to address 19 of the 159 recommendations made in those reports. In particular, the DoD needs to continue focusing on managing cybersecurity risks related to governance, asset management, information protection processes and procedures, identity management and access control, security continuous monitoring, detection processes, and communications. 

The largest number of weaknesses identified in this year’s summary were related to governance, which allows an organisation to inform its management of cybersecurity risk through the policies, procedures, and processes to manage and monitor the organizations regulatory, legal, risk, environmental, and operational requirements.

Without proper governance, the DoD cannot ensure that it effectively identifies and manages cybersecurity risk as it continues to face a growing variety of cyber threats from adversaries, such as offensive cyberspace operations used to disrupt, degrade, or destroy targeted information systems.”

The auditors explain that a series of issues have been ignored and have not been tackled over the previous years. The department, has not done enough to comply with the cybersecurity framework developed by the National Institute of Standards and Technology. The Defense Contract Management Agency has not properly trained its cyber specialists so that they receive the required certifications.

“Without adequate controls … the department cannot ensure that all of its systems, devices, personnel, and vulnerabilities are identified and manages,” auditors wrote.

The Defence Department is now begun work to upgrade all IT systems so as to assist the Agency when it needs to address cyber threats and attacks. This not a subject that only effects the US Department of Defence and if other governments did an independent audit of their IT systems they would also fine significant issues that have not been addressed. 

News By CSI:

You Might Also Read:

Pentagon Weapons Systems Vulnerable To Cyber-Attacks:

« New British Cyber Security Centre
What Financial Services Executives Need to Know About Data-Security »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Foundation for Strategic Research (FRS)

Foundation for Strategic Research (FRS)

The Foundation for Strategic Research is France's main independent think tank on strategic, defense and security issues. Cyber security is covered as part of the study areas.

World Privacy Forum (WPF)

World Privacy Forum (WPF)

The World Privacy Forum is a non-profit public interest research group that focuses on privacy and technology issues.

Secure Thingz

Secure Thingz

Secure Thingz focus on developing and delivering advanced security solutions into the emerging Industrial Internet of Things (IIoT) and Critical Infrastructure markets.

Commissum

Commissum

Commissum specialise in information assurance and security testing services.

Salient CRGT

Salient CRGT

Salient CRGT is a leading provider of health, data analytics, cloud, agile software development, mobility, cyber security, and infrastructure solutions.

Seric Systems

Seric Systems

Seric is a technology business specialising in security, infrastructure and data management.

Computer Network Defence (CND)

Computer Network Defence (CND)

Computer Network Defence (CND) are a Broad-Spectrum Cyber Security Consultancy and Recruitment Agency.

Baker Donelson

Baker Donelson

Baker Donelson is a law firm with a team of more than 700 attorneys and advisors representing more than 30 practice areas including Data Protection, Privacy and Cybersecurity.

PurpleSynapz

PurpleSynapz

PurpleSynapz provides hyper-realistic Cyber Security Training with a modern curriculum and Cyber Range.

Infosec Cloud

Infosec Cloud

Infosec Cloud is a specialist Cyber Security company offering fully managed Training & Testing Services in addition to market leading Cyber Security technology and accredited professional services.

1Password

1Password

1Password combines industry-leading security with award-winning design to bring private, secure, and user-friendly password management to everyone.

LiveAction

LiveAction

LiveAction provides end-to-end visibility of network and application performance from a single pane of glass.

DoControl

DoControl

DoControl gives organizations the automated, self-service tools they need for SaaS applications data access monitoring, orchestration, and remediation.

VulnCheck

VulnCheck

VulnCheck helps organizations outpace adversaries with vulnerability intelligence that predicts avenues of attack with speed and accuracy.

Omantel Innovation Labs

Omantel Innovation Labs

The Omantel Innovation Labs is a platform to enable startups and innovators to develop and commercialize solutions within selected technology verticals including cybersecurity.

North Green Security

North Green Security

North Green Security is a UK-based cyber security training and consultancy company.