Pentagon finds holes in DMS

The Director of Operational Test and Evaluation Fiscal Year 2000 Annual Report

The Pentagon's latest operational test and evaluation report found substantial shortfalls with some of the Defense Department's biggest information technology systems, including security holes in the Defense Message System.

The annual report of the Director, Operational Test and Evaluation, was delivered to Congress in February and made public in early March. The report includes the Pentagon's assessment of all major systems tested and evaluated in 2000 as part of the acquisition process.

Among other things, the report found that DMS is not fully secure. Testers were able to penetrate the system several times, including the five DMS test sites, its infrastructure nodes, and the Regional Node and Operations security Center.

DMS is a $1.6 billion program designed to provide writer-to-reader message services for classified and top-secret information to all defense users at their desktops.

The primary mode of infiltrating DMS included the exploitation of so-called trust relationships. Microsoft Corp. Windows environments within a site domain rely on trust relationships across the domain. Thus, DMS depends on the level of security maintained in other systems operating in the same domain, the report explained.

"Weak passwords, clear-text scripts/files with sensitive information, and lax procedures continued to cause most vulnerabilities," the report stated. "[Regional Node and Operations Security Center] security is hampered by lack of a firewall."

In addition, Pentagon testers found that messaging between DMS and existing Pentagon and allied systems "suffered due to missing routing information and procedural problems." It also states, "Errors in implementing important change notifications are indicative of system immaturity and lack of attention to detail by system administrators."

Other systems noted in the evaluation report included:

Global Combat and Support System: During testing, users had trouble getting information and had little confidence in it once they did. Maneuver Control System: The evaluation identified shortfalls in database accuracy, interoperability, logistics supportability and user acceptance. Performance likely would erode further in a battlefield environment, the report stated. Theater Battle Management Core System: The evaluation showed more than 500 deficiencies, primarily in data integrity and a lack of timely dissemination of the air battle plan to other system nodes. Land Warrior: The report noted that the restructured program looks good, but challenges remain, especially in the integration of all the subsystems. Army digitization: The report noted that much progress has been made, but current capabilities are still immature. Army Force XXI Battle Command, Brigade and Below: The evaluation found significant improvement, but the system may not be scalable up to division level.

Featured

  • IT Modernization
    shutterstock image By enzozo; photo ID: 319763930

    OMB provides key guidance for TMF proposals amid surge in submissions

    Deputy Federal CIO Maria Roat details what makes for a winning Technology Modernization Fund proposal as agencies continue to submit major IT projects for potential funding.

  • gears and money (zaozaa19/Shutterstock.com)

    Worries from a Democrat about the Biden administration and federal procurement

    Steve Kelman is concerned that the push for more spending with small disadvantaged businesses will detract from the goal of getting the best deal for agencies and taxpayers.

Stay Connected