Cybersecurity

Cyber red teams find DOD systems tougher to crack

The Pentagon (Photo by Ivan Cholakov / Shutterstock) 

A Pentagon watchdog noted improvements in cyber capabilities but worried that adversaries are improving their attacks faster than defenders are shoring up their systems.

In a Jan. 31 report, the Office of the Director, Operational Test and Evaluation shared the results of 50 cybersecurity assessments of combatant commands and the military services.

The report found that despite improvements in penetrating network defenses and maintaining access, missions and systems continued to be at risk of cyber intrusions in acquisition programs, and previously unknown vulnerabilities kept popping up.

"There were an increasing number of instances where the cyber red teams employed during DOT&E assessments experienced greater difficulty in penetrating network defenses or maintaining previously acquired accesses," the director Robert Behler wrote in the report.

"These improvements are both noteworthy and encouraging, but we estimate that the rate of these improvements is not outpacing the growing capabilities of potential adversaries, who continue to find new vulnerabilities and techniques to counter the fixes and countermeasures by DOD defenders."

Behler noted that the DOD's red teams themselves are under-resourced and suggested that their results might impart a false sense of confidence to system owners across the Defense Department.

The report stated that "realistic demonstrations" of advanced, multipronged cyberattacks "have yet to become routine" across the DOD.

In an overview of its operations, DOT&E reported that assessments of legacy weapons systems considered resistant to cyberattack by virtue of their age identified possible avenues of attack in more recent updates that were not part of the original design.

Additionally, trust relationships between different command networks allowed red team operatives to proceed from one network to another. "Trust relationships are critical to the operational support relationships between separate warfighter commands, but they

must be designed and monitored to prevent mission impacts by adversaries," the report stated.

About the Author

Lauren C. Williams is a staff writer at FCW covering defense and cybersecurity.

Prior to joining FCW, Williams was the tech reporter for ThinkProgress, where she covered everything from internet culture to national security issues. In past positions, Williams covered health care, politics and crime for various publications, including The Seattle Times.

Williams graduated with a master's in journalism from the University of Maryland, College Park and a bachelor's in dietetics from the University of Delaware. She can be contacted at lwilliams@fcw.com, or follow her on Twitter @lalaurenista.

Click here for previous articles by Wiliams.


Featured

  • Defense
    The U.S. Army Corps of Engineers and the National Geospatial-Intelligence Agency (NGA) reveal concept renderings for the Next NGA West (N2W) campus from the design-build team McCarthy HITT winning proposal. The entirety of the campus is anticipated to be operational in 2025.

    How NGA is tackling interoperability challenges

    Mark Munsell, the National Geospatial-Intelligence Agency’s CTO, talks about talent shortages and how the agency is working to get more unclassified data.

  • Veterans Affairs
    Veterans Affairs CIO Jim Gfrerer speaks at an Oct. 10 FCW event (Photo credit: Troy K. Schneider)

    VA's pivot to agile

    With 10 months on the job, Veterans Affairs CIO Jim Gfrerer is pushing his organization toward a culture of constant delivery.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.