DMS security cracked during testing
- By Dan Verton
- Feb 16, 2000
Information warfare tests conducted in September 1999 on the Pentagon's $1.6 billion Defense Message System found serious deficiencies in the system's security protections.
During operational tests of DMS software Version 2.1, conducted last year by the Defense Department's Office of Operational Test and Evaluation, an information warfare test team "was able to penetrate all but one test site with only a moderate level of effort," according to the DOD's 1999 annual OT&E report, released this week. As a result of the failure, the Pentagon's OT&E director concluded that DMS Version 2.1 was "not operationally effective."
DMS was scheduled to replace the Pentagon's aging Automatic Digital Network (Autodin) message system at the end of last year. Developed in the 1960s, Autodin passes message traffic through a global network of highly secure but antiquated mainframes that use tape reels for data storage.
Plans for DMS deployment include installing the software on more than 360,000 desktops at more than 7,000 locations throughout the department.
According to the report, the inability of system administrators to adequately set up and configure DMS software securely led to gaps in network security that were easily breached. Evaluators also blamed the problem on the complexity of the software.
"The underlying factors are the complexity of DMS, the need to reconfigure DMS to integrate it with each distant site's supporting architecture and the lack of automated aids to check DMS security posture once it is installed or after it is reconfigured," the report stated.