DMS security cracked during testing

Information warfare tests conducted in September 1999 on the Pentagon's $1.6 billion Defense Message System found serious deficiencies in the system's security protections.

During operational tests of DMS software Version 2.1, conducted last year by the Defense Department's Office of Operational Test and Evaluation, an information warfare test team "was able to penetrate all but one test site with only a moderate level of effort," according to the DOD's 1999 annual OT&E report, released this week. As a result of the failure, the Pentagon's OT&E director concluded that DMS Version 2.1 was "not operationally effective."

DMS was scheduled to replace the Pentagon's aging Automatic Digital Network (Autodin) message system at the end of last year. Developed in the 1960s, Autodin passes message traffic through a global network of highly secure but antiquated mainframes that use tape reels for data storage.

Plans for DMS deployment include installing the software on more than 360,000 desktops at more than 7,000 locations throughout the department.

According to the report, the inability of system administrators to adequately set up and configure DMS software securely led to gaps in network security that were easily breached. Evaluators also blamed the problem on the complexity of the software.

"The underlying factors are the complexity of DMS, the need to reconfigure DMS to integrate it with each distant site's supporting architecture and the lack of automated aids to check DMS security posture once it is installed or after it is reconfigured," the report stated.

Featured

  • Elections
    voting security

    'Unprecedented' challenges to safe, secure 2020 vote

    Our election infrastructure is bending under the stress of multiple crises. Administrators say they are doing all they can to ensure it doesn't break.

  • FCW Perspectives
    zero trust network

    Can government get to zero trust?

    Today's hybrid infrastructures and highly mobile workforces need the protection zero trust security can provide. Too bad there are obstacles at almost every turn.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.