The American Military Sucks at Cybersecurity

[InfoSec News <alerts () infosecnews org>]

https://motherboard.vice.com/en_us/article/7xy5ky/the-american-military-sucks-at-cybersecurity

By Matthew Gault
Motherboard.vice.com
Jan 15 2019

The Department of Defense is terrible at cybersecurity. That's the assessment 
of the Pentagon's Inspector General (IG), who did a deep dive into the American 
military's ability to keep its cyber shit on lockdown. The results aren't 
great. "As of September 30, 2018, there were 266 open cybersecurity‑related 
recommendations, dating as far back as 2008," the Inspector General said in a 
new report.

The new report is a summary of the IG's investigations into Pentagon 
cybersecurity over the previous year. It looked at 20 unclassified and four 
classified reports that detailed problems with cybersecurity and followed up to 
see if they'd been addressed. Previously, the IG had recommended the Pentagon 
take 159 different steps to improve security. It only took 19 of them.

Cybersecurity issues affected all branches of the military and ranged from the 
serious to the mundane. At a server site connected to America's ballistic 
missile defense systems, inspectors "found an unlocked server rack despite a 
posted sign on the rack stating that the server door must remain locked at all 
times."

According to the IT security officer on staff at the time, "network operations 
staff were troubleshooting issues with the server in the rack we found unlocked 
and failed to notify the [redacted] assistant security manager once they 
completed maintenance on the server so he could lock it."

[...]

--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_