- Sputnik International
World
Get the latest news from around the world, live coverage, off-beat stories, features and analysis.

Pentagon Admits: US Government Systems Ripe for the Hacking

© Flickr / PauloThe US Department of Defense is routinely dragging its feet in addressing software vulnerabilities, an official from the Pentagon lamented on Wednesday.
The US Department of Defense is routinely dragging its feet in addressing software vulnerabilities, an official from the Pentagon lamented on Wednesday. - Sputnik International
Subscribe
The US Department of Defense is routinely dragging its feet in addressing software vulnerabilities, an official from the Pentagon lamented on Wednesday, adding that the neglect of routine computer system maintenance is putting the US at risk of cyber attacks.

Sen. Chris Coons, D-Del. - Sputnik International
Senator Urges Congress to Stop Funding Cuts to Fight Off Cyber Attacks
While software patches should be dealt with on a daily basis, as they become available, they are instead being addressed on an "episodic" basis, meaning that in the meantime, hackers have an advantage over the US government,  Army Lt. Gen. Mark Bowman told an audience at a defense industry event. 

"When Microsoft or Adobe comes out with a patch, the bad guys are using that stuff too, so they know where the vulnerable areas are," said Bowman, who is the Joint Chief of Staff's director of command, control, communications and computers (J-6). 

"We have these combatant command readiness checks, and it appears to be an episodic thing, where a whole lot of work goes on when you're getting ready to be inspected."

While Bowman didn't discuss any particular security lapse, he said that, over and over again, he's seen routine fixes that were simply ignored or security measures that weren't taken seriously leading to breaches. 

"We're all reading about breaches in security, and every one that I can think of is related to poor network hygiene, some patch that somebody didn't put in, some weak password that somebody had, some systems administrator that had a simple password that could be hacked," Bowman said. "These are simple things; this is our job."

A lapse in addressing vulnerabilities was just one of the weak spots Bowman discussed. The Defense Information Systems Agency (DISA) is in charge of coordinating and streamline the disparate IT systems of the DoD into a more unified, secure system known as the Joint Information Enterprise (JIE).

NSA Headquarters, Fort Meade, MD. - Sputnik International
NSA Confident in Ability to Attribute Massive Government Data Breach

Bowman said he was unhappy with the pace of progress on the project. He cited disputes over control and territory as delaying the development of  command and control DOD Information Networks (DODIN) which is supposed to take of the defensive work of US Cyber Command. 

"There's been a lot of talk about progress, a lot of people are happy with where we are — I'm not," Bowman said. "No matter what we do for our next operation, no matter whether it's humanitarian assistance."

He described a lack of unity over sharing control over the various parts of the massive undertaking. 

"I don't know why. What we really need is end-to-end visibility, and if we got people worrying about what they control and where they are in the network, that's a problem."

Bowman also spoke about the Joint Regional Security Stacks — the network hubs that make up the JIE. The JRSS project is a collection of servers, switches and software tools meant to give DOD network operators a clearer view of traffic. Bowman said the stacks aren't being rolled out quickly enough for his liking. 

The stacks project "is a must-do this year, but we got people looking at it and reading the homework and deciding we don't really want to do that," he said, also citing a lack of sufficiently qualified personnel to do the work. 

The Joint Chiefs official also said the Pentagon was encountering resistance to efforts to exert more control over networks

"We're seeing people push back" on those efforts, Bowman said. 

"People think they own their own network; they don't own any networks. This is all part of the Department of Defense networks, and we need to realize that… and then act like that."

Bowman's comments came just days after the US Office of Personnel Management (OPM) told Congress it cannot afford a $93 million IT upgrade to prevent future cybersecurity breaches like the one announced in early June that compromised the sensitive personal data of nearly 18 million prospective, current and former federal employees.

The US government on Thursday said that hackers accessed the personal data of at least four million current and former federal employees. - Sputnik International
Far Worse Than Acknowledged: Hack Compromised Every US Federal Worker

On the heels of the largest breach of personal information in federal government history, the funds to counter such breaches were lacking, OPM Assistant Inspector General for Audit Mike Esser told a Senate Financial Services and General Government hearing on Tuesday.

"The cost of this work is likely to be substantial and the lack of the dedicated funding source increases the risk that the project will fail to meet its objectives," Esser stated.

"Its estimate of $93 million includes only the initial phases of the project, which covers tightening up the security controls and building a new shell environment," he added.

OPM is the US government’s human resource department charged with recruiting and training the workforce of the federal civil service.

Newsfeed
0
To participate in the discussion
log in or register
loader
Chats
Заголовок открываемого материала