Wednesday, April 15, 2020
  • About us
    • Write for us
    • Disclaimer
    • Terms of use
    • Privacy Policy
  • RSS Feeds
  • Advertise with us
  • Contact us
DefenceTalk
  • Home
  • Defense News
    • Defense & Geopolitics News
    • War Conflicts News
    • Army News
    • Air Force News
    • Navy News
    • Missiles Systems News
    • Nuclear Weapons
    • Defense Technology
    • Cybersecurity News
  • Military Photos
  • Defense Forum
  • Military Videos
  • Military Weapon Systems
    • Weapon Systems
    • Reports
No Result
View All Result
  • Home
  • Defense News
    • Defense & Geopolitics News
    • War Conflicts News
    • Army News
    • Air Force News
    • Navy News
    • Missiles Systems News
    • Nuclear Weapons
    • Defense Technology
    • Cybersecurity News
  • Military Photos
  • Defense Forum
  • Military Videos
  • Military Weapon Systems
    • Weapon Systems
    • Reports
No Result
View All Result
DefenceTalk
No Result
View All Result

Cybersecurity: DOD Needs to Improve Cyber Hygiene

by Government Accountability Office
April 15, 2020
in Cybersecurity
3 min read
0
Hacker ‘ceasefire’ gets little traction as pandemic fuels attacks
18
VIEWS

The Department of Defense (DOD) has not fully implemented three of its key initiatives and practices aimed at improving cyber hygiene. Carnegie-Mellon University defines cyber hygiene as a set of practices for managing the most common and pervasive cybersecurity risks. In discussions with GAO, DOD officials identified three department-wide cyber hygiene initiatives: the 2015 DOD Cybersecurity Culture and Compliance Initiative, the 2015 DOD Cyber Discipline Implementation Plan, and DOD’s Cyber Awareness Challenge training.

The Culture and Compliance Initiative set forth 11 overall tasks expected to be completed in fiscal year 2016. It includes cyber education and training, integration of cyber into operational exercises, and needed recommendations on changes to cyber capabilities and authorities. However, seven of these tasks have not been fully implemented.

The Cyber Discipline plan has 17 tasks focused on removing preventable vulnerabilities from DOD’s networks that could otherwise enable adversaries to compromise information and systems. Of these 17, the DOD Chief Information Officer is responsible for overseeing implementation of 10 tasks. While the Deputy Secretary set a goal of achieving 90 percent implementation of the 10 CIO tasks by the end of fiscal year 2018, four of the tasks have not been implemented. Further, the completion of the other seven tasks was unknown because no DOD entity has been designated to report on the progress.

The Cyber Awareness training is intended to help the DOD workforce maintain awareness of known and emerging cyber threats, and reinforce best practices to keep information and systems secure. However, selected components in the department do not know the extent to which users of its systems have completed this required training. GAO’s review of 16 selected components identified six without information on system users that had not completed the required training, and eight without information on users whose network access had been revoked for not completing training.

Beyond the initiatives above, DOD has (1) developed lists of the techniques that adversaries use most frequently and pose significant risk to the department, and (2) identified practices to protect DOD networks and systems against these techniques. However, the department does not know the extent to which these practices have been implemented. The absence of this knowledge is due in part to no DOD component monitoring implementation, according to DOD officials. Overall, until DOD completes its cyber hygiene initiatives and ensures that cyber practices are implemented, the department will face an enhanced risk of successful attack.

While two recurring reports have provided updates to senior DOD leaders on cyber information on the Cyber Discipline plan implementation, department leadership has not regularly received information on the other two initiatives and on the extent to which cyber hygiene practices are being implemented. Such information would better position leaders to be aware of the cyber risks facing DOD and make more effective decisions to manage such risks.

Why GAO Did This Study
DOD has become increasingly reliant on information technology (IT) and risks have increased as cybersecurity threats evolve. Cybersecurity experts estimate that 90 percent of cyberattacks could be defeated by implementing basic cyber hygiene and sharing best practices, according to DOD’s Principal Cyber Advisor.

Senate Report 115-262 includes a provision that GAO review DOD cyber hygiene. This report evaluates the extent to which 1) DOD has implemented key cyber hygiene initiatives and practices to protect DOD networks from key cyberattack techniques and 2) senior DOD leaders received information on the department’s efforts to address these initiatives and cyber hygiene practices.

GAO reviewed documentation of DOD actions taken to implement three cyber hygiene initiatives and reviewed recurring reports provided to senior DOD leaders.

What GAO Recommends
GAO is making seven recommendations to DOD, including that cyber hygiene initiatives be fully implemented, entities are designated to monitor component completion of tasks and cyber hygiene practices, and senior DOD leaders receive information on cyber hygiene initiatives and practices. Of the seven recommendations, DOD concurred with one, partially concurred with four, and did not concur with two. GAO continues to believe that all recommendations are warranted.

Click here for the full report (54 PDF pages)

Tags: cyber attackscybersecuritysecurity
Previous Post

China Delivers VT-4 Tanks, Self-Propelled Artillery to Nigeria

Next Post

Morocco to Buy AGM-84L Harpoon Air Launched Block II Missiles

Related Posts

Hacker ‘ceasefire’ gets little traction as pandemic fuels attacks

Hacker ‘ceasefire’ gets little traction as pandemic fuels attacks

April 3, 2020

Internet users have seen a surge in COVID-related cyberattacks and fraud schemes which could add to the misery of the...

Surge in COVID-themed cyberattacks

Surge in COVID-themed cyberattacks

March 18, 2020

It may look like an email from a supervisor with an attachment on the new "work from home policy." But...

Next Post
Morocco to Buy AGM-84L Harpoon Air Launched Block II Missiles

Morocco to Buy AGM-84L Harpoon Air Launched Block II Missiles

Latest Defense News

Future Army vehicles could see an improvement in structural materials

April 15, 2020
Morocco to Buy AGM-84L Harpoon Air Launched Block II Missiles

Morocco to Buy AGM-84L Harpoon Air Launched Block II Missiles

April 15, 2020
Hacker ‘ceasefire’ gets little traction as pandemic fuels attacks

Cybersecurity: DOD Needs to Improve Cyber Hygiene

April 15, 2020
China Delivers VT-4 Tanks, Self-Propelled Artillery to Nigeria

China Delivers VT-4 Tanks, Self-Propelled Artillery to Nigeria

April 15, 2020

2nd Sailor from USS Theodore Roosevelt moved into Intensive Care

April 15, 2020
India to Buy AGM-84L Harpoon Air-Launched Block II Missiles

India to Buy AGM-84L Harpoon Air-Launched Block II Missiles

April 14, 2020

Defense Forum Discussions

  • Libya Thread 2.0
  • Royal New Zealand Air Force
  • General Aviation Thread
  • Royal New Zealand Navy Discussions and Updates
  • Midtguardian Defence Forces
  • New Coronavirus threat
  • A400m
  • The new members introduction thread.
  • Made in Singapore Equipment
  • Is the US losing its position as the world sole superpower due to covid-19?
DefenceTalk

© 2003-2020 DefenceTalk.com

Navigate Site

  • Defence Forum
  • Military Photos
  • RSS Feeds
  • About us
  • Advertise with us
  • Contact us

Follow Us

No Result
View All Result
  • Home
  • Defense News
    • Defense & Geopolitics News
    • War Conflicts News
    • Army News
    • Air Force News
    • Navy News
    • Missiles Systems News
    • Nuclear Weapons
    • Defense Technology
    • Cybersecurity News
  • Military Photos
  • Defense Forum
  • Military Videos
  • Military Weapon Systems
    • Weapon Systems
    • Reports

© 2003-2020 DefenceTalk.com