https://www.wired.com/story/pentagon-cybersecurity-blind-spots/
By Lily Hay Newman
Wired.com
Security
04.14.2020

THE UNITED STATES federal government isn't known for robust cybersecurity. Even
the Department of Defense has its share of known vulnerabilities. Now a new
report from the Government Accountability Office is highlighting systemic
shortcomings in the Pentagon's efforts to prioritize cybersecurity at every
level and making seven recommendations for shoring up DoD's digital defenses.

The report isn't a checklist of what DoD should be doing to improve
cybersecurity awareness in the abstract. Instead, GAO looked at three
DoD-designed initiatives to see whether the Pentagon is following through on
its own goals. In a majority of cases, DoD has not completed the cybersecurity
training and awareness tasks it set out to. The status of various efforts is
simply unknown because no one has tracked their progress. While an assessment
of "cybersecurity hygiene" like this doesn't directly analyze a network's
hardware and software vulnerabilities, it does underscore the need for people
who use digital systems to interact with them in secure ways. Especially when
those people work on national defense.

"It's everyone’s responsibility to understand their part in cybersecurity, but
how do you convince everyone to follow the rules they’re supposed to follow and
do it consistently enough?" says Joseph Kirschbaum, a director in GAO's defense
capabilities and management team who oversaw the report. "You’re never going to
be able to eliminate all the threats, but you can manage them sufficiently, and
a lot of DoD's strategies and plans are good. Our concern is whether they're
doggedly pursuing it enough so they’re able to do the risk management."
[...]