Back to news

March 18, 2020 | International, C4ISR, Security

The Pentagon is handling cyber vulnerabilities inconsistently

Mark Pomerleau

The Department of Defense has not consistently mitigated cyber vulnerabilities identified in a 2012 report, according to the department's inspector general.

The DoD IG issued a follow-on report to its 2012 report, issued March 13 and made public March 17, that determined cyber red teams didn't report the results of assessments to organizations and components didn't effectively correct or mitigate the identified vulnerabilities.

The new report discovered that components didn't consistently mitigate or include unmitigated vulnerabilities identified in the prior audit and during this audit by red teams during combatant command exercises, operational testing assessments and agency-specific assessments in plans of action and milestones.

“Ensuring DoD Components mitigate vulnerabilities is essential to achieve a better return on investment,” the report stated. “In addition, we determined that the DoD did not establish a unified approach to support and prioritize DoD Cyber Red Team missions. Instead, the DoD Components implemented Component-specific approaches to staff, train and develop tools for DoD Cyber Red Teams, and prioritize DoD Cyber Red Team missions.”

The report found that DoD didn't establish a unified approach because it didn't assign an organization with responsibility to oversee and synchronize red team activity based on priorities, it didn't assess the resources needed for each red team and identify requirements to train them to meet priorities and it didn't develop baseline tools to perform assessments.

“Without an enterprisewide solution to staff, train and develop tools for DoD Cyber Red Teams and prioritize their missions, DoD Cyber Red Teams have not met current mission requests and will not meet future requests because of the increased demands for DoD Cyber Red Team services,” the report said. “Until the DoD assigns an organization to assess DoD Cyber Red Team resources, it will be unable to determine the number of DoD Cyber Red Teams and staffing of each team to support mission needs, which will impact the Do D's ability to identify vulnerabilities and take corrective actions that limit malicious actors from compromising DoD operations.”

The DoD IG issued seven recommendations the secretary of defense assign an organization responsibility for. They include:

  • Review and assess red team reports for systemic vulnerabilities and coordinate the development and implementation of enterprise solutions to mitigate them;
  • Ensure components develop and implement a risk-based process to assess the impact of identified vulnerabilities and prioritize funding for corrective actions for high-risk vulnerabilities;
  • Ensure components develop and implement processes for providing reports with red team findings and recommendations to organizations with responsibility for corrective actions;
  • Develop processes and procedures to oversee red team activities, including synchronizing and prioritizing red team missions, to ensure activities align with priorities;
  • Perform a joint DoD-wide mission-impact analysis to determine the number of red teams, minimum staffing levels of each team, the composition of the staffing levels needed to meet current and future mission requests;
  • Assess and identify a baseline of core and specialized training standards, based on the three red team roles that team staff must meet for the team to be certified and accredited; and
  • Identify and develop baseline tools needed by red teams to perform missions.

https://www.fifthdomain.com/dod/2020/03/17/the-pentagon-is-handling-cyber-vulnerabilities-inconsistently/

On the same subject

  • New report sees near-term strength in space industrial base, but calls for government guidance

    November 24, 2021 | International, C4ISR

    New report sees near-term strength in space industrial base, but calls for government guidance

    The authors want the White House to craft a North Star vision to coordinate civil, commercial and national security space efforts.

  • Airbus to help determine path forward for Tiger helo upgrade, missile options

    October 1, 2018 | International, Aerospace

    Airbus to help determine path forward for Tiger helo upgrade, missile options

    By: Pierre Tran PARIS — A European arms procurement agency has chosen Airbus Helicopters to conduct de-risking studies for the Tiger attack helicopter's upgrade to the MK 3 standard, the company said. “OCCAR (Organisation for Joint Armament Cooperation) has commissioned Airbus Helicopters, on behalf of the French, German and Spanish armament agencies DGA, BAAINBw and DGAM, to perform de-risking studies aimed at providing the Tiger with next-generation battlefield capabilities,” the company said Sept. 27. The studies will help in development and retrofit preparation of avionics and mission and weapon systems for the Tiger, the company said. Electronics specialist Thales and missile-builder MBDA will take part in the studies. “We are proud to be preparing the future of the Tiger as it represents a major program for the European defense cooperation initiative,” said Bruno Even, CEO of Airbus Helicopters. French Armed Forces Minister Florence Parly said she is trying to persuade her German counterpart to opt for the same missile as France for the Tiger, rather than make its own order for the the Rafael Spike missile. The de-risking studies may consider various options, such as Spike, Brimstone and MMP missiles, and will note the changes that might be required, such as fitting an antenna for radio data link to deliver pictures to the cockpit right up to impact, an industry executive said. The French Army is drawing up requirements for a future tactical air-to-surface missile, dubbed MAST-F, which would arm the upgraded Tigers. Rafael has pitched its extended-range Spike ER2 missile to Germany for the Tiger, hoping Berlin will follow the flight path of Spain, which arms its Tiger helicopters with the Israeli weapon. https://www.defensenews.com/air/2018/09/28/airbus-to-help-determine-path-forward-for-tiger-helo-upgrade-missile-options

  • Opinion: ‘Efficiencies’ Alone Cannot Solve U.S. Defense Budget Crunch

    October 23, 2020 | International, Aerospace, Naval, Land, C4ISR, Security

    Opinion: ‘Efficiencies’ Alone Cannot Solve U.S. Defense Budget Crunch

    We are not going to “efficiency” our way out of the hard choices which the next administration will face fitting an already straining defense posture under a flatlined budget. Previously in the Up... More details on https://aviationweek.com/defense-space/budget-policy-operations/opinion-efficiencies-alone-cannot-solve-us-defense-budget

All news