The report published by the Defense Department Inspector General on January 9 shows a worrisome situation, there
This means that security and IT staff at the Pentagon are ignoring the recommendations, exposing it to the risk of a hack.
“recently issued cybersecurity reports indicate that the DoD still faces challenges in managing cybersecurity risk to its network. Additionally, as of September 30, 2018, there were 266 open cybersecurity‑related recommendations, dating as far back as 2008.” reads the executive summary of the report.
The report also includes results from four classified reports and 20 unclassified reports that were drafted between July 1, 2017, and June 30, 2018, by the Government Accountability Office and DoD community.
Results from the unclassified reports show improvements in asset management, information protection processes and procedures, identity management and access control, and security continuous monitoring.
According to the documents, the DoD has addressed 19 of the 159 recommendations made in the reports.
The largest number of weaknesses identified by the experts were related to governance,
The report highlights that the DoD must continue managing cyber risks,
“However, the DoD needs to continue focusing on managing cybersecurity risks related to governance, asset management, information protection processes and procedures, identity management and access control, security continuous monitoring, detection processes, and communications.” states the report.
The report doesn’t surprise the experts; in September, another audit conducted by the Inspector General revealed that 266 DoD cybersecurity-related recommendations were still open, 11 of them being classified and 255 unclassified and 11
In October another report published by the Government Accountability Office (GAO) revealed that almost any new weapon system in the arsenal of the Pentagon
“Without proper governance, the DoD cannot assure that it effectively identifies and manages cybersecurity risk as it continues to face a growing variety of cyber threats from adversaries such as offensive cyberspace operations used to disrupt, degrade, or destroy targeted information systems.” concludes the DoD OIG.
(SecurityAffairs – Pentagon, hacking)