Pentagon study finds military experts fail to report, log, and fix cyber vulnerabilities consistently

WASHINGTON – The U.S. Department of Defense (DOD) has not mitigated cyber vulnerabilities consistently that were identified in a 2012 report, according to the department’s inspector general (IG). Fifth Domain reports. Continue reading original article

The Military & Aerospace Electronics take:

30 March 2020 -- The DOD IG issued a report that determined military cyber red teams didn’t report the results of assessments to organizations and components didn’t correct or mitigate the identified vulnerabilities effectively.

The new report discovered that components didn’t consistently mitigate or include unmitigated vulnerabilities identified in the prior audit and during this audit by red teams during combatant command exercises, operational testing assessments, and agency-specific assessments in plans of action and milestones.

The report found that DOD didn’t establish a unified approach because its experts didn’t assign an organization with responsibility to oversee and synchronize red team activity based on priorities, didn’t assess the resources and train needed for each red team, and it didn’t develop baseline tools to perform assessments.

Related: 5G set to revolutionize mobile communications, but may uncover potential vulnerabilities for cyber security

Related: DARPA eyes artificial intelligence (AI) tools to anticipate cyber vulnerabilities at the design stage

Related: Government, military search for ways to secure networks, shield technology supply chain from cyber attacks

John Keller, chief editor
Military & Aerospace Electronics