19 décembre 2018 | International, C4ISR

DoD IG: Military networks are exposed to ‘unnecessary’ cyber risks

By:

The military services are exposing networks to “unnecessary cybersecurity risks” thanks in part to a lack of visibility over software application inventories, according to a Department of Defense Inspector General report.

The IG investigated whether DoD components rationalized their software applications by identifying and eliminating any duplicative or obsolete applications. Rationalizing software applications seeks to improve enterprise IT by identifying all software applications on the network; determining if existing applications are needed, duplicative or obsolete; and determining if applications already existing within the network prior to purchasing new ones.

The audit — which focused on Marine Corps, Navy and Air Force commands and divisions — found that the groups examined did not consistently perform this rationalization process. By not having visibility into software application inventories, these organizations were unable to identify the extent of existing vulnerabilities within their applications, the report found.

Moreover, such a process could lead to cost savings associated with eliminating duplicative and obsolete applications.

Fleet Forces Command was the only command the IG reviewed that had a process in place for eliminating duplicative or obsolete applications. The Air Force did not have a process in place to prevent duplication when purchasing new applications.

The report placed blame on the DoD chief information officer for not implementing a solution for software rationalization in response to Federal Information Technology Acquisition Reform Act requirements.

The IG made three recommendations for the CIO, who did not provide a response to draft recommendations:

  • Develop an enterprisewide process for conduction software application rationalization throughout DoD;
  • Establish guidance requiring DoD components to conduct rationalization and require DoD component CIOs to develop implementation guidance outlining responsibilities for rationalization. Such a policy should also require components on at least an annual basis to validate the accuracy of their owned and in use software applications inventory; and
  • Conduct periodic review to ensure components are regularly validating the accuracy of their inventory and they are eliminating duplicative and obsolete applications.

https://www.fifthdomain.com/dod/2018/12/18/dod-ig-military-networks-are-exposed-to-unnecessary-cyber-risks

Sur le même sujet

  • CACI Awarded $239 Million Task Order to Provide Intelligence Analysis and Operations to U.S. Army Europe and Africa

    19 août 2024 | International, Terrestre

    CACI Awarded $239 Million Task Order to Provide Intelligence Analysis and Operations to U.S. Army Europe and Africa

    CACI will deliver comprehensive all-source and single-discipline intelligence expertise tailored to the U.S.EUCOM and U.S.AFRICOM AORs during peacetime activity as well as crisis and contingency scenarios.

  • COVID-19: Army Delays Missile Defense Network Test EXCLUSIVE

    8 avril 2020 | International, Aérospatial, Terrestre, C4ISR

    COVID-19: Army Delays Missile Defense Network Test EXCLUSIVE

    The long-awaited IBCS battle network is meant to connect a wide range of Army radars and weapons – and potentially other services' as well – for anti-aircraft and missile defense. By SYDNEY J. FREEDBERG JR. WASHINGTON: The Army has indefinitely postponed a major test of its IBCS air and missile defense network to protect the soldiers and civilians involved from the COVID-19 coronavirus, Breaking Defense has learned. A battalion of air defense troops who'd been training for weeks at White Sands Missile Range have been sent back to home base. Even more important for public health, technical experts from multiple Army agencies and contractors will no longer have to travel to the test. Known formally as a Limited User Test, the event requires participation from across the country, the head of the Army's air & missile defense modernization task force, Bring Gen. Brian Gibson, told me in late March. The LUT would involve both soldiers and civilians from Fort Sill, the Army's artillery & air defense center; Huntsville, headquarters for the service's missile procurement; and extensive support from the host facility, White Sands Missile Range, as well as neighboring El Paso, Tex., Gibson said. Other participants would come from even further afield, such as Army Test & Evalucation Command (ATEC) at Aberdeen Proving Grounds. “There are testers from afar that come in to oversee that test,” Gibson told me. “Those are all variables that are part of this daily assessment on should we, can we, do we continue?” Ironically, the soldiers training for the test were probably safer than the general public – as long as they were isolated in the desert at the vast White Sands Missile Range. But if one of them were somehow exposed to the coronavirus, Gibson warned, the patient would be in close quarters with lots of other soldiers and a long way away from a hospital. “Certainly, being away from large population centers is a different dynamic, [and] most of the time that is positive,” Gibson told me in March, “but, also, we're very cognizant that's still a pretty large number of individuals we have together in tight quarters that are further away from population centers where most of the health care infrastructure and support is.” There have been no reports that any soldiers involved have fallen ill. The test had been scheduled to begin May 15, after weeks of intensive training and preparation. No new date has been set, but if the Army can start the LUT up in July – far from a foregone conclusion – it can keep the high-priority program on schedule. Why IBCS Matters What is IBCS? The name is an awkward nested acronym for Integrated Air & Missile Defense (IAMD) Battle Command System. The network is intended to share data and commands seamlessly among a wide range of historically incompatible systems across the Army and, potentially, the other services. As such, it's the No. 1 priority in the Army's air & missile defense portfolio, which is in turn one of the service's Big Six priority areas for modernize. The program's been in the works for over a decade with many ups, downs and delays, but the Army and lead contractor Northrop Grumman are confident they have turned IBCS around. Four years ago, an earlier — disastrous — Limited User Test revealed software problems that led the Army to delay the program four years and overhaul the entire program. Since that 2016 LUT, the Army and Northrup have been bringing soldiers and engineers together frequently to try out the latest software upgrades and make fixes, rather than waiting for feedback from a major test event. The Army even brought in the Air Force for an experiment in which an F-35A Joint Strike Fighter successfully transmitted targeting data on a missile to IBCS. Compatibility with IBCS is now mandatory for all future Army air & missile defense systems, which has been a stumbling block for the Israeli-made Iron Dome. Top brass have even begun touting IBCS as a key building block of the future Joint All-Domain Command & Control (JADC2) mega-network meant to coordinate all the armed services in a future war with Russia or China. So the Army and Northrop were understandably eager to show off how well the latest version of IBCS performs. When they'll have a chance to do so depends less on what they do themselves than on the progress the entire nation makes against an insidious and invisible enemy. https://breakingdefense.com/2020/04/covid-19-army-delays-missile-defense-network-test-exclusive

  • SpaceX, ULA each get Air Force contracts for trio of space launches

    25 février 2019 | International, Aérospatial

    SpaceX, ULA each get Air Force contracts for trio of space launches

    By: Valerie Insinna WASHINGTON — The battle between military space juggernaut United Launch Alliance and its upstart rival SpaceX continues, with the two companies splitting a collection of launch contracts worth $739 million awarded by the Air Force on Tuesday. ULA, a joint venture of Boeing and Lockheed Martin, picked up a $442 million award for three launches, while Elon Musk's SpaceX nabbed a $297 million contract for another three launches. Each company will be responsible for “launch vehicle production, mission integration, mission launch operations/spaceflight worthiness, and mission unique activities,” according to the contract award. ULA will deliver the following payloads as part of its contract: Silent Barker, a secret payload developed by the Air Force and National Reconnaissance Office, which will improve situational awareness after it is launched in fiscal year 2022. SBIRS GEO-5, the fifth geostationary satellite in the Space Based Infra Red Sensor constellation, will improve early warning for missile launches. SBIRS GEO-5 is set to be launched in FY21. SBIRS GEO-6, the sixth geostationary satellite in the SBIRS constellation, could be launched in FY22, but no firm date has been set. Meanwhile SpaceX will launch these payloads: NROL-85, a classified intelligence payload launched for the NRO, expected to be launched in FY21 NROL-87, another classified NRO payload set for a FY21 launch date. AFSPC-44, an Air Force satellite also set to be launched in FY21. The service hasn't released much information about this payload's capabilities or purpose. The contracts were awarded by the Air Force's Space and Missile Systems Center as part of the Evolved Expendable Launch Vehicle program. In a statement, Lt. Gen. John Thompson, commander of SMC and program executive officer for space programs, defended the service's strategy of awarding launch contracts in a way that balances rewarding low-price bids while also maintaining competition among rocket makers. “The competitive award of these EELV launch service contracts directly supports SMC's mission of delivering resilient and affordable space capabilities to our nation while maintaining assured access to space” he said. https://www.defensenews.com/space/2019/02/20/spacex-ula-each-get-air-force-contracts-for-trio-of-space-launches/

Toutes les nouvelles