Retour aux nouvelles

21 février 2020 | International, C4ISR, Sécurité

How many users were affected by the DISA breach?

Andrew Eversden

A breach of a system hosted by the Defense Information Systems Agency, the Department of Defense's primary IT support agency, affected “approximately 200,000” users after a malicious actor may have gained access to names and Social Security numbers, according to a Pentagon spokesman.

Chuck Prichard, a DoD spokesman, said there is “no evidence to suggest that any of the potentially compromised [personally identifiable information] was misused.” DISA is sending letters notifying potentially affected users, in line with agency policy.

He added that affected individuals “will subsequently receive additional correspondence with information about actions that can be taken to mitigate possible negative impacts.”

The news of the breach was first reported by Reuters.

Prichard said the breach was discovered during summer 2019. According to Reuters, which viewed a copy of the letter sent out to DISA officials, the breach occurred between May and July 2019.

Affected users will also receive free credit monitoring, Prichard said.

Prichard declined to specify what network was breached, only that it was hosted by DISA. He also declined to comment on how long the actor was in the network.

“DoD and DISA take the security of our people, information (or data) and operations very seriously and actively monitor potential threats," Prichard said. “For operational security reasons, the department does not comment on the actions taken to mitigate risks or vulnerabilities.”

He did add that “DISA ... conducted a thorough investigation of this incident and taken appropriate measures to secure the network.”

According to its website, DISA employs over 8,000 military and civilian employees. The agency's mission includes protecting the Department of Defense Information Network, a global DoD network used for sharing and storing information. DISA runs a variety of other systems, including combat support, DoD enterprise email and other communication networks.

https://www.fifthdomain.com/dod/2020/02/20/how-many-users-were-affected-by-the-disa-breach/

Sur le même sujet

  • DISA releases draft solicitation for $11.7 billion IT contract

    9 septembre 2020 | International, C4ISR, Sécurité

    DISA releases draft solicitation for $11.7 billion IT contract

    Andrew Eversden WASHINGTON — The U.S. Defense Information Systems Agency released its draft request for proposals Sept. 4 for a single-award contract potentially worth $11.7 billion to consolidate the networks at 22 Pentagon agencies. The 10-year, indefinite delivery, indefinitely quantity contract from DISA, called Defense Enclave Services, will transition many so-called fourth estate agencies to common IT systems under a single vendor. Fourth estate agencies are Defense Department entities that do not sit squarely under the military departments, such as the Missile Defense Agency or the Defense Logistics Agency. DISA's effort is meant to reduce redundant IT costs, improve cybersecurity and standardize IT support services among the fourth estate agencies. “DISA desires to partner with industry to provide commercial Information Technology (IT) services, decrease redundant IT costs, enhance cybersecurity posture, and standardize IT services across disparate networks,” the draft RFP stated. “Defense Enclave Services will unify the 4th Estate's Common Use IT systems, personnel, functions, and program elements associated with the support of those systems and technologies under a Single Service Provider (SSP) architecture managed, operated, and supported by DISA.” Under the draft RFP, the single provider will provide “all required transition, infrastructure, network operations and management engineering and innovation, cybersecurity, and technical refresh support services" under nine performance areas. Migration to a consolidated network will take place in two phases. Agencies involved in the first phase will complete “integration and sustainment” by fiscal 2025, and those involved in the second phase will complete migration by fiscal 2026. The network will include the Non-classified Internet Protocol Router Network and the Secret Internet Protocol Router Network. DISA estimates the performance period will be from Dec. 7, 2021, to Dec. 6, 2031, with a four-year base period and three two-year options. According to a pre-solicitation industry day script from August, five agencies will be part of the first task order: Defense Media Activity, Defense Technical Information Center, Defense Information Systems Agency, Defense POW/MIA Accounting Agency and Defense Microelectronics Activity. Those five components include 20,000 users, 81 global sites and 40,000 end points, the presentation stated. DISA has been under pressure from lawmakers and top Pentagon officials in recent years to find ways to save money. Last year, DISA officials told reporters that the agency's Fourth Estate Network Optimization initiative would provide cost savings to the agency. The initiative was directed by the deputy secretary of defense in August last year. Phase one agencies include: Defense Information Systems Agency (DISA-HQ) Defense Technical Information Center (DTIC) Defense Prisoner of War/Missing in Action Accounting Agency (DPAA) Defense Microelectronics Activity (DMEA) Defense Media Activity (DMA) Defense Information Systems Agency (DISA-Field Sites) Defense Contract Management Agency (DCMA) Defense Contract Audit Agency (DCAA) Defense Human Resources Agency/Defense Manpower Data Center (DHRA/DMDC) Defense Finance and Accounting Service (DFAS) Defense Threat Reduction Agency (DTRA) Defense Logistics Agency (DLA) Defense Advanced Research Projects Agency (DARPA) Missile Defense Agency (MDA) Phase two agencies include: Defense Health Agency (DHA) Defense Legal Services Agency (DLSA) Defense Security Cooperation Agency (DSCA) Defense Technology Security Agency (DTSA) Joint Chiefs of Staff (JCS) Office of Secretary of Defense (OSD) Personnel Force Protection Agency (PFPA) Washington Headquarters Services (WHS) Joint Service Provider (JSP) According to the posting on beta.sam.gov, the final RFP will be released the last week of September. https://www.c4isrnet.com/it-networks/2020/09/08/disa-releases-draft-solicitation-for-117-billion-it-contract/

  • Leonardo DRS joins UAE-based firm to support key projects of the country’s armed forces

    18 février 2019 | International, C4ISR

    Leonardo DRS joins UAE-based firm to support key projects of the country’s armed forces

    By: Chirine Mouchantaf BEIRUT — Leonardo DRS' land electronics unit has signed an agreement with the International Golden Group based in the United Arab Emirates to support key projects for the country's armed forces. As part of the settlement, U.S.-based Leonardo DRS will establish an innovative engineering and support facility in IGG's industrial park in Abu Dhabi to support projects and assist in hiring and training locals to fill new high-tech manufacturing positions, the company said in a statement. “Leonardo has a long history in working to support the armed forces of the UAE, and this partnership within our subsidiary and IGG has us very excited," Lorenzo Mariani, Leonardo chief commercial officer, told Defense News The two parties are expected to collaborate on advanced communication systems integration in support of tactical C4I projects, as well as onboard vehicle power systems that provide combat vehicles with up to 120 kilowatts of mobile electrical power for complex C4ISR systems, mobile command posts, radars, weapon systems and other power-hungry expeditionary capabilities. “The high technology of Leonardo DRS and the capabilities of IGG will lead to next-level products for the country's armed forces now and well into the future,” Mariani added. The agreement deepens an already strong relationship between Leonardo DRS and the government of the UAE. In 2017, Leonardo and IGG signed a strategic collaboration agreement to supply cybersecurity capabilities in the UAE, and to identify and implement advanced solutions including security operations centers. The agreement's aim was to integrate the solutions and market knowledge offered by IGG with Leonardo's state-of-the-art know-how in a long-term strategic and international partnership. Bill Guyan, vice president and general manager of the Leonardo DRS land electronics unit, considers the Emirati-American military relationship a robust one full of new growth potential over the next few years. “The recent growth of the Leonardo DRS land electronics business in the UAE has produced this natural next step. We are proud to lay down enduring roots and a strong business presence and remain committed to the success of our UAE customer and UAE Vision 2021,” he said, referring to the country's effort to prioritize health care, economic competitiveness, sustainable infrastructure, education, a cohesive society and an improved judiciary. “We are eager to work with IGG to provide the guidance, technology and support required to increase interoperability between the U.S. and Emirati forces, allowing them to strategically operate more closely,” he added. https://www.defensenews.com/digital-show-dailies/idex/2019/02/15/leonardo-drs-joins-uae-based-firm-to-support-key-projects-of-the-countrys-armed-forces/

  • Revised National Cyber Incident Response Plan for Public Comment | CISA

    16 décembre 2024 | International, C4ISR, Sécurité

    Revised National Cyber Incident Response Plan for Public Comment | CISA

Toutes les nouvelles