DMS security cracked during testing

Information warfare tests conducted in September 1999 on the Pentagon's $1.6 billion Defense Message System found serious deficiencies in the system's security protections.

During operational tests of DMS software Version 2.1, conducted last year by the Defense Department's Office of Operational Test and Evaluation, an information warfare test team "was able to penetrate all but one test site with only a moderate level of effort," according to the DOD's 1999 annual OT&E report, released this week. As a result of the failure, the Pentagon's OT&E director concluded that DMS Version 2.1 was "not operationally effective."

DMS was scheduled to replace the Pentagon's aging Automatic Digital Network (Autodin) message system at the end of last year. Developed in the 1960s, Autodin passes message traffic through a global network of highly secure but antiquated mainframes that use tape reels for data storage.

Plans for DMS deployment include installing the software on more than 360,000 desktops at more than 7,000 locations throughout the department.

According to the report, the inability of system administrators to adequately set up and configure DMS software securely led to gaps in network security that were easily breached. Evaluators also blamed the problem on the complexity of the software.

"The underlying factors are the complexity of DMS, the need to reconfigure DMS to integrate it with each distant site's supporting architecture and the lack of automated aids to check DMS security posture once it is installed or after it is reconfigured," the report stated.

Featured

  • Federal 100 Awards
    Federal 100 logo

    Nominations for the 2021 Fed 100 are now being accepted

    The deadline for submissions is Dec. 31.

  • Government Innovation Awards
    Government Innovation Awards - https://governmentinnovationawards.com

    Congratulations to the 2020 Rising Stars

    These early-career leaders already are having an outsized impact on government IT.

Stay Connected