• Contact Us
  • Login
Upgrade
Tech News Hero
Advertisement
  • Home
  • News
  • Gadgets
  • Social
  • Gaming
  • Mobile
  • PC
  • Internet
  • Security
  • Apps
No Result
View All Result
  • Home
  • News
  • Gadgets
  • Social
  • Gaming
  • Mobile
  • PC
  • Internet
  • Security
  • Apps
No Result
View All Result
Tech News Hero
No Result
View All Result
Home Security

The Pentagon Hasn’t Fixed Basic Cybersecurity Blind Spots

by technewshero
April 15, 2020
in Security
0
Share on FacebookShare on Twitter

The United States federal government isn’t known for robust cybersecurity. Even the Department of Defense has its share of known vulnerabilities. Now a new report from the Government Accountability Office is highlighting systemic shortcomings in the Pentagon’s efforts to prioritize cybersecurity at every level and making seven recommendations for shoring up DoD’s digital defenses.

The report isn’t a checklist of what DoD should be doing to improve cybersecurity awareness in the abstract. Instead, GAO looked at three DoD-designed initiatives to see whether the Pentagon is following through on its own goals. In a majority of cases, DoD has not completed the cybersecurity training and awareness tasks it set out to. The status of various efforts is simply unknown because no one has tracked their progress. While an assessment of “cybersecurity hygiene” like this doesn’t directly analyze a network’s hardware and software vulnerabilities, it does underscore the need for people who use digital systems to interact with them in secure ways. Especially when those people work on national defense.

“It’s everyone’s responsibility to understand their part in cybersecurity, but how do you convince everyone to follow the rules they’re supposed to follow and do it consistently enough?” says Joseph Kirschbaum, a director in GAO’s defense capabilities and management team who oversaw the report. “You’re never going to be able to eliminate all the threats, but you can manage them sufficiently, and a lot of DoD’s strategies and plans are good. Our concern is whether they’re doggedly pursuing it enough so they’re able to do the risk management.”

“If you can’t track it, you can’t measure it. If you can’t measure it, you can’t manage it. And if you can’t manage it you’re not going to succeed.”

Peter Singer, New America Foundation

The report focuses on three ongoing DoD cybersecurity hygiene initiatives. The 2015 Cybersecurity Culture and Compliance Initiative outlined 11 education-related goals for 2016; the GAO found that the Pentagon only completed four of them. Similarly, the 2015 Cyber Discipline plan outlined 17 goals related to detecting and eliminating preventable vulnerabilities from DoD’s networks by the end of 2018. GAO found that DoD has only met six of those. Four are still pending, and the status of the seven others is unknown, because no one at DoD has kept track of the progress.

GAO repeatedly identified lack of status updates and accountability as core issues within DoD’s cybersecurity awareness and education efforts. It was unclear in many cases who had completed which training modules. There were even DoD departments lacking information on which users should have their network access revoked for failure to complete trainings.

“That DoD is not doing what it needs to on cybersecurity is not surprising,” says Peter Singer, a cybersecurity-focused strategist at the New America Foundation. “If you can’t track it, you can’t measure it. If you can’t measure it, you can’t manage it. And if you can’t manage it you’re not going to succeed.”

In a response to the report’s seven recommendations—which all relate to completing DoD’s existing initiatives and establishing stronger oversight and leadership to do it— the Department of Defense fully agreed with one, partly with four, and disagreed with two. The Pentagon argues that some of the goals and programs that date back to 2015 are now outdated and therefore irrelevant to current defense.

“To require that all of this new strategic direction and prioritization be overridden to monitor compliance with lower risk areas that the DoD identified almost five years ago will frustrate the Department’s efforts to keep pace with the changing tactics, techniques, and procedures of our adversaries and the evolving changes in technology,” DoD said in its response.

GAO stands by all of its recommendations, maintaining that while those goals were set five years ago they relate to foundational skills and concepts rather than specific software or devices. If anything, the backlog becomes all the more urgent to address as more time passes.

“DoD knows how to identify problems, they know how to attack them. It’s the follow through we’re looking at,” says the GAO’s Kirschbaum. “They’re absolutely correct that things have changed, the threat vectors have changed, technology has changed, but most of the things they pinpointed in terms of what the department needs to do culturally are enduring things, they’re basic cybersecurity practices.”

Previous Post

OnePlus 8 Pro vs Samsung Galaxy S20+ vs iPhone 11 Pro Max: Price, Specifications Compared

Next Post

Fun Show That Pays Homage to Original Series

technewshero

technewshero

Related Posts

2020 Shows the Danger of a Decapitated Cyber Regime
Security

2020 Shows the Danger of a Decapitated Cyber Regime

by technewshero
January 13, 2021
A ‘Bulletproof’ Criminal VPN Was Taken Down in a Global Sting
Security

A ‘Bulletproof’ Criminal VPN Was Taken Down in a Global Sting

by technewshero
January 14, 2021
The Worst Hacks of 2020, a Surreal Pandemic Year
Security

The Worst Hacks of 2020, a Surreal Pandemic Year

by technewshero
January 15, 2021
Security

How Your Digital Trails Wind Up in the Police’s Hands

by technewshero
December 31, 2020
How to Understand the Russia Hack Fallout
Security

How to Understand the Russia Hack Fallout

by technewshero
December 22, 2020
Next Post

Fun Show That Pays Homage to Original Series

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Most Popular

Amazon Restaurants in U.S. is shutting down – TechNewHero

June 11, 2019

How to watch Love Island online: stream the winter series from UK or abroad

February 18, 2020

Russia successfully disconnected from the internet

December 23, 2019

Browse by Category

  • Apps
  • Gadgets
  • Gaming
  • Internet
  • Mobile
  • News
  • PC & Laptops
  • Security
  • Social
Tech News Hero

© 2020 Tech News Hero.

No Result
View All Result
  • Home
  • Landing Page
  • Buy JNews
  • Support Forum
  • Contact Us

© 2020 Tech News Hero.

Welcome Back!

Login to your account below

Forgotten Password?

Create New Account!

Fill the forms bellow to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In
Are you sure want to unlock this post?
Unlock left : 0
Are you sure want to cancel subscription?