
December 19, 2018 | International, C4ISR

DoD IG: Military networks are exposed to ‘unnecessary’ cyber risks

The military services are exposing networks to “unnecessary cybersecurity risks” thanks in part to a lack of visibility over software application inventories, according to a Department of Defense Inspector General report.

The IG investigated whether DoD components rationalized their software applications by identifying and eliminating any duplicative or obsolete applications. Rationalizing software applications seeks to improve enterprise IT by identifying all software applications on the network; determining if existing applications are needed, duplicative or obsolete; and determining if applications already exist within the network prior to purchasing new ones.

The audit — which focused on Marine Corps, Navy and Air Force commands and divisions — found that the groups examined did not consistently perform this rationalization process. By not having visibility into software application inventories, these organizations were unable to identify the extent of existing vulnerabilities within their applications, the report found.

Moreover, such a process could lead to cost savings associated with eliminating duplicative and obsolete applications.

Fleet Forces Command was the only command the IG reviewed that had a process in place for eliminating duplicative or obsolete applications. The Air Force did not have a process in place to prevent duplication when purchasing new applications.

The report placed blame on the DoD chief information officer for not implementing a solution for software rationalization in response to Federal Information Technology Acquisition Reform Act requirements.

The IG made three recommendations for the CIO, who did not provide a response to draft recommendations:

  • Develop an enterprisewide process for conducting software application rationalization throughout DoD;
  • Establish guidance requiring DoD components to conduct rationalization and require DoD component CIOs to develop implementation guidance outlining responsibilities for rationalization. Such a policy should also require components, on at least an annual basis, to validate the accuracy of their inventory of owned and in-use software applications; and
  • Conduct periodic reviews to ensure components are regularly validating the accuracy of their inventory and are eliminating duplicative and obsolete applications.

https://www.fifthdomain.com/dod/2018/12/18/dod-ig-military-networks-are-exposed-to-unnecessary-cyber-risks
