March 18, 2020 | International, C4ISR, Security

The Pentagon is handling cyber vulnerabilities inconsistently

Mark Pomerleau

The Department of Defense has not consistently mitigated cyber vulnerabilities identified in a 2012 report, according to the department's inspector general.

The DoD IG issued a follow-on report to its 2012 report, issued March 13 and made public March 17, that determined cyber red teams didn't report the results of assessments to organizations and components didn't effectively correct or mitigate the identified vulnerabilities.

The new report found that components didn't consistently mitigate vulnerabilities that red teams identified in the prior audit and during this audit (in combatant command exercises, operational testing assessments and agency-specific assessments), or include the unmitigated vulnerabilities in plans of action and milestones.

“Ensuring DoD Components mitigate vulnerabilities is essential to achieve a better return on investment,” the report stated. “In addition, we determined that the DoD did not establish a unified approach to support and prioritize DoD Cyber Red Team missions. Instead, the DoD Components implemented Component-specific approaches to staff, train and develop tools for DoD Cyber Red Teams, and prioritize DoD Cyber Red Team missions.”

The report found that DoD didn't establish a unified approach because it didn't assign an organization with responsibility to oversee and synchronize red team activity based on priorities, it didn't assess the resources needed for each red team and identify requirements to train them to meet priorities and it didn't develop baseline tools to perform assessments.

“Without an enterprisewide solution to staff, train and develop tools for DoD Cyber Red Teams and prioritize their missions, DoD Cyber Red Teams have not met current mission requests and will not meet future requests because of the increased demands for DoD Cyber Red Team services,” the report said. “Until the DoD assigns an organization to assess DoD Cyber Red Team resources, it will be unable to determine the number of DoD Cyber Red Teams and staffing of each team to support mission needs, which will impact the DoD's ability to identify vulnerabilities and take corrective actions that limit malicious actors from compromising DoD operations.”

The DoD IG issued seven recommendations for which the secretary of defense should assign an organization responsibility. They include:

  • Review and assess red team reports for systemic vulnerabilities and coordinate the development and implementation of enterprise solutions to mitigate them;
  • Ensure components develop and implement a risk-based process to assess the impact of identified vulnerabilities and prioritize funding for corrective actions for high-risk vulnerabilities;
  • Ensure components develop and implement processes for providing reports with red team findings and recommendations to organizations with responsibility for corrective actions;
  • Develop processes and procedures to oversee red team activities, including synchronizing and prioritizing red team missions, to ensure activities align with priorities;
  • Perform a joint DoD-wide mission-impact analysis to determine the number of red teams, the minimum staffing levels of each team, and the composition of the staffing levels needed to meet current and future mission requests;
  • Assess and identify a baseline of core and specialized training standards, based on the three red team roles that team staff must meet for the team to be certified and accredited; and
  • Identify and develop baseline tools needed by red teams to perform missions.

https://www.fifthdomain.com/dod/2020/03/17/the-pentagon-is-handling-cyber-vulnerabilities-inconsistently/
