19 décembre 2018 | International, C4ISR

DoD IG: Military networks are exposed to ‘unnecessary’ cyber risks

By:

The military services are exposing networks to “unnecessary cybersecurity risks” thanks in part to a lack of visibility over software application inventories, according to a Department of Defense Inspector General report.

The IG investigated whether DoD components rationalized their software applications by identifying and eliminating any duplicative or obsolete applications. Rationalizing software applications seeks to improve enterprise IT by identifying all software applications on the network; determining if existing applications are needed, duplicative or obsolete; and determining if applications already existing within the network prior to purchasing new ones.

The audit — which focused on Marine Corps, Navy and Air Force commands and divisions — found that the groups examined did not consistently perform this rationalization process. By not having visibility into software application inventories, these organizations were unable to identify the extent of existing vulnerabilities within their applications, the report found.

Moreover, such a process could lead to cost savings associated with eliminating duplicative and obsolete applications.

Fleet Forces Command was the only command the IG reviewed that had a process in place for eliminating duplicative or obsolete applications. The Air Force did not have a process in place to prevent duplication when purchasing new applications.

The report placed blame on the DoD chief information officer for not implementing a solution for software rationalization in response to Federal Information Technology Acquisition Reform Act requirements.

The IG made three recommendations for the CIO, who did not provide a response to draft recommendations:

  • Develop an enterprisewide process for conduction software application rationalization throughout DoD;
  • Establish guidance requiring DoD components to conduct rationalization and require DoD component CIOs to develop implementation guidance outlining responsibilities for rationalization. Such a policy should also require components on at least an annual basis to validate the accuracy of their owned and in use software applications inventory; and
  • Conduct periodic review to ensure components are regularly validating the accuracy of their inventory and they are eliminating duplicative and obsolete applications.

https://www.fifthdomain.com/dod/2018/12/18/dod-ig-military-networks-are-exposed-to-unnecessary-cyber-risks

Sur le même sujet

  • Military raked by critics online after unveiling new army logo | CBC News

    5 mai 2024 | International, Terrestre

    Military raked by critics online after unveiling new army logo | CBC News

    The Canadian Army learned two valuable lessons Friday: appreciation of art is in the eye of the beholder and it pays to be precise, even on social media.

  • Amentum to acquire DynCorp International

    28 septembre 2020 | International, Terrestre, C4ISR

    Amentum to acquire DynCorp International

    Joe Gould WASHINGTON ― An affiliate of government contractor Amentum will buy DynCorp International, the global services provider, the companies announced Thursday. The deal, for undisclosed terms, is expected to close in the fourth quarter of this year. In a joint release, the companies billed the deal as creating a mission-critical support services powerhouse, as they have had, collectively, $6 billion in revenue over the last 12 months. The new entity would employ 34,000 people in more than 30 countries. “The combination of our two companies will accelerate our growth into key new markets such as aviation support services, contractor logistics support, intelligence solutions, and training,” said Amentum CEO John Vollmer. Earlier this year, Amentum launched as a privately held company after the sale of the AECOM Management Services business to affiliates of Lindsay Goldberg and American Securities LLC. The new firm provides mission support and equipment sustainment, information technology, intelligence, nuclear and environmental remediation, among other services. “We look forward to welcoming DynCorp's employees to the Amentum family," Vollmer said. "Our complementary capabilities and cultures will propel Amentum to the top of our market as a leader with differentiated solutions to support our clients' most challenging missions.” In April, DynCorp won a $185 million, nine-month extension to support Army Sustainment Command in Southern Afghanistan under the Logistics Civil Augmentation Program (LOGCAP) IV contract. The company said it has continuously provided LOGCAP services for the U.S. Army for 11 years. “This strategic combination of two market leading companies will deliver tremendous value to our customers and increased opportunities for our employees,” said DynCorp CEO George Krivo. https://www.defensenews.com/congress/2020/09/25/amentum-to-acquire-dyncorp-international/

  • Armasuisse a signé le contrat d’acquisition du système SkyView de Thales 

    9 avril 2021 | International, Aérospatial

    Armasuisse a signé le contrat d’acquisition du système SkyView de Thales 

    DÉFENSE Air & Cosmos rappelle que la Suisse a choisi le système français SkyView de Thales dans le cadre de son programme « C2Air » qui vise à remplacer les sous-systèmes Ralus (système radar de situation aérienne) et Lunas (système de message de situation aérienne) dans le cadre de son système existant de surveillance aérienne et de contrôle des opérations des forces aériennes. Après une phase d'évaluation lors de laquelle trois systèmes différents ont été testés, armasuisse (Office fédéral de l'armement) avait opté, le 19 septembre 2019 pour le système SkyView. Le Parlement avait approuvé l'acquisition de ce système dans le cadre du message sur l'armée 2020. Le contrat d'acquisition avec le constructeur français a été signé début avril 2021. La réalisation interviendra dans les centres de calcul du DDPS (Département fédéral de la défense, de la protection de la population et des sports). Son introduction commencera aux alentours de 2025. Air & Cosmos du 9 avril

Toutes les nouvelles