Security

Too many issues in Pentagon networks expose it to cybersecurity risks

A new security assessment conducted by the Defense Department Inspector General revealed that the Pentagon is still exposed to many cyber risks,

The report published by the Defense Department Inspector General on January 9, shows a worrisome situation, there are 266 issue, some of them are ten-years-old cybersecurity‑related recommendations still unresolved in the Pentagon infrastructure.

This means that security and IT staff at the Pentagon is ignoring the recommendations exposing it to the risk of hack.

“recently issued cybersecurity reports indicate that the DoD still faces challenges in managing cybersecurity risk to its network. Additionally, as of September 30, 2018, there were 266 open cybersecurity‑related recommendations, dating as far back as 2008. ” reads the executive summary of the report.

The report also includes results from four classified reports and 20 unclassified reports that were drafted between July 1, 2017, and June 30, 2018, by the Government Accountability Office and DoD community.

Results from the unclassified reports shows improvements in the asset management, information protection processes and procedures, identity management and access control, and security continuous monitoring.

According to the documents, the DoD has addressed 19 of the 159 recommendations made in the reports.

The largest number of weaknesses identified by the experts were related to governance,

The report highlights that the DoD must continue managing cyber risks,

“However, the DoD needs to continue focusing on managing cybersecurity risks related to governance, asset management, information protection processes and procedures, identity management and access control, security continuous monitoring, detection processes, and communications.” states the report.

The report doesn’t surprise the experts, in September another audit conducted by the Inspector General revealed that 266 DoD cybersecurity-related recommendations were still open, 11 of them being classified and 255 unclassified and 11 classified, dating as far back as 2008. 

In October another report published by the Government Accountability Office (GAO) revealed that almost any new weapon system in the arsenal of the Pentagon is vulnerable to hack.

“Without proper governance, the DoD cannot assure that it effectively identifies and manages cybersecurity risk as it continues to face a growing variety of cyber threats from adversaries such as offensive cyberspace operations used to disrupt, degrade, or destroy targeted information systems.” concludes the DoD OIG.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – Pentagon, hacking)

[adrotate banner=”5″]

[adrotate banner="13"]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

American fast-fashion firm Hot Topic hit by credential stuffing attacks

Hot Topic suffered credential stuffing attacks that exposed customers' personal information and partial payment data.…

17 mins ago

Cisco addressed high-severity flaws in IOS and IOS XE software

Cisco addressed multiple vulnerabilities in IOS and IOS XE software that can be exploited to…

14 hours ago

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Google's Threat Analysis Group (TAG) and Mandiant reported a surge in the number of actively…

21 hours ago

Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024

Google addressed two zero-day vulnerabilities in the Chrome web browser that have been demonstrated during…

1 day ago

INC Ransom stole 3TB of data from the National Health Service (NHS) of Scotland

The INC Ransom extortion group hacked the National Health Service (NHS) of Scotland and is threatening…

2 days ago

CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Microsoft SharePoint vulnerability disclosed at the…

2 days ago

This website uses cookies.