DOD Cybersecurity Still Needs Much Work

The recently released Office of the Director, Operational Test, and Evaluation 2014 annual report found that “improvements must occur” in the Defense Department’s cyber programs. In a test of more than 40 systems, the director said there are still “exploitable cyber vulnerabilities that earlier technical testing could have mitigated.” Many of the issues were related to “unnecessary network services or system functions,” improperly installed or out of date software, and weak passwords. There was, however, a “notable improvement over previous years” in “participation of higher-echelon computer network defense service providers and local defenders,” which meant a broader picture view of cyber defensive postures. Even still, there was at least one assessed mission deemed high risk for attack by even the least experienced adversaries during each of 16 exercises. As a result of the findings, there will be more frequent site assessments on live networks to provide feedback on areas that need strengthening in day-to-day operations, states the report. (DOT&E full report; Caution, large-sized file.)