The report published by the Defense Department Inspector General on January 9, shows a worrisome situation, there are 266 issue, some of them are ten-years-old cybersecurity‑related recommendations still unresolved in the Pentagon infrastructure.
This means that security and IT staff at the Pentagon is ignoring the recommendations exposing it to the risk of hack.
“recently issued cybersecurity reports indicate that the DoD still faces challenges in managing cybersecurity risk to its network. Additionally, as of September 30, 2018, there were 266 open cybersecurity‑related recommendations, dating as far back as 2008. ” reads the executive summary of the report.
The report also includes results from four classified reports and 20 unclassified reports that were drafted between July 1, 2017, and June 30, 2018, by the Government Accountability Office and DoD community.
Results from the unclassified reports shows improvements in the asset management, information protection processes and procedures, identity management and access control, and security continuous monitoring.
According to the documents, the DoD has addressed 19 of the 159 recommendations made in the reports.
The largest number of weaknesses identified by the experts were related to governance,
The report highlights that the DoD must continue managing cyber risks,
“However, the DoD needs to continue focusing on managing cybersecurity risks related to governance, asset management, information protection processes and procedures, identity management and access control, security continuous monitoring, detection processes, and communications.” states the report.
The report doesn’t surprise the experts, in September another audit conducted by the Inspector General revealed that 266 DoD cybersecurity-related recommendations were still open, 11 of them being classified and 255 unclassified and 11 classified, dating as far back as 2008.
In October another report published by the Government Accountability Office (GAO) revealed that almost any new weapon system in the arsenal of the Pentagon is vulnerable to hack.
“Without proper governance, the DoD cannot assure that it effectively identifies and manages cybersecurity risk as it continues to face a growing variety of cyber threats from adversaries such as offensive cyberspace operations used to disrupt, degrade, or destroy targeted information systems.” concludes the DoD OIG.
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.