Cyber red teams find DOD systems tougher to crack

A Pentagon watchdog noted improvements in cyber capabilities but worried that adversaries are improving their attacks faster than defenders are shoring up their systems.


In a Jan. 31 report, the Office of the Director, Operational Test and Evaluation shared the results of 50 cybersecurity assessments of combatant commands and the military services.

The report found that although defenders made it harder for red teams to penetrate networks and maintain access, missions and systems continued to be at risk of cyber intrusions in acquisition programs, and previously unknown vulnerabilities kept popping up.

"There were an increasing number of instances where the cyber red teams employed during DOT&E assessments experienced greater difficulty in penetrating network defenses or maintaining previously acquired accesses," the director Robert Behler wrote in the report.

"These improvements are both noteworthy and encouraging, but we estimate that the rate of these improvements is not outpacing the growing capabilities of potential adversaries, who continue to find new vulnerabilities and techniques to counter the fixes and countermeasures by DOD defenders."

Behler noted that the DOD's red teams themselves are under-resourced and suggested that their results might impart a false sense of confidence to system owners across the Defense Department.

The report stated that "realistic demonstrations" of advanced, multipronged cyberattacks "have yet to become routine" across the DOD.

In an overview of its operations, DOT&E reported that assessments of legacy weapons systems considered resistant to cyberattack by virtue of their age identified possible avenues of attack in more recent updates that were not part of the original design.

Additionally, trust relationships between different command networks allowed red team operatives to proceed from one network to another. "Trust relationships are critical to the operational support relationships between separate warfighter commands, but they must be designed and monitored to prevent mission impacts by adversaries," the report stated.
