The US Pentagon Has Numerous Security Gaps

The Pentagon has 266 cyber security exposures and vulnerabilities that have not been attended to or secured in recent years. These significant problems in the Pentagon’s IT systems have put the Pentagon at risk of hacks and data theft.

The Defense Department published the report on January 9th, and it reveals that a number of these issues have been a problem for at least 10 years.

However, the Defence Dept.’s IT Auditors also found that other areas of the IT systems had been security and penetration tested and were working very well.

But unaddressed IT issues, some more than a decade old, remain in the Defense Department’s networks and should have been addressed, according to the Defence Department’s internal ombudsmen. These 266 cyber insecurities had already been highlighted in a number of reports between July 2017 and June 2018, and some of these IT problems go back over a decade to 2008.

The Auditors said that a lot of the problems are because the IT and cyber monitoring and management policies were not very effective. 

The unclassified reports identified improvements in the asset management, information protection processes and procedures, identity management and access control, and security continuous monitoring. The DoD has taken action to strengthen its cybersecurity posture by implementing actions to address 19 of the 159 recommendations made in those reports. In particular, the DoD needs to continue focusing on managing cybersecurity risks related to governance, asset management, information protection processes and procedures, identity management and access control, security continuous monitoring, detection processes, and communications. 

The largest number of weaknesses identified in this year’s summary were related to governance, which allows an organisation to inform its management of cybersecurity risk through the policies, procedures, and processes to manage and monitor the organization’s regulatory, legal, risk, environmental, and operational requirements.

Without proper governance, the DoD cannot ensure that it effectively identifies and manages cybersecurity risk as it continues to face a growing variety of cyber threats from adversaries, such as offensive cyberspace operations used to disrupt, degrade, or destroy targeted information systems.”

The auditors explain that a series of issues have been ignored and have not been tackled over the previous years. The department has not done enough to comply with the cybersecurity framework developed by the National Institute of Standards and Technology. The Defense Contract Management Agency has not properly trained its cyber specialists so that they receive the required certifications.

“Without adequate controls … the department cannot ensure that all of its systems, devices, personnel, and vulnerabilities are identified and managed,” auditors wrote.

The Defence Department has now begun work to upgrade all IT systems so as to assist the Agency when it needs to address cyber threats and attacks. This is not a subject that only affects the US Department of Defence, and if other governments did an independent audit of their IT systems they would also find significant issues that have not been addressed.

News By CSI:
