Unfortunately, in this modern age of increasingly implemented cyber technology, almost no organization is a stranger to some sort of cyber threat. This is including one of our nation’s most secure facilities, the Pentagon. According to a report issued by the Inspector General of the Department of Defense (DOD), there have been findings of a multitude of potential cyber security holes within the Pentagon and overall DOD systems and infrastructure.
The report, which reviewed and cited Audit Reports from August 1, 2015, through July 31, 2016, found there to be several different extant weaknesses that need to be addressed. Reports as of August 1 2015 had contained 166 cybersecurity related recommendations, of which 28 had been closed as of July 31, 2016. This leaves a remaining 138 extant recommendations yet to be addressed. An additional 61 recommendations were also issued by the Government Accountability Office and DOD audit community for fiscal year 2016.
One of such security weaknesses involved the account access of Air Force Personnel. This was in regard to their Purchase Request Process System (PRPS), as it was found to not have adequate access controls to prevent unnecessary users from creating accounts within the system. This lead to 510 out of 2,867 users to have accounts that had no requirement for access. The Inspector General’s report states, “Access controls limit or detect inappropriate access to computer resources, thereby protecting them from unauthorized modification, loss, and/or disclosure.”
The Pentagon’s Plan for Rectification of Cyber Security
The Pentagon has formed a plan in regard to handling the overall issue of cybersecurity. The plan involves a total investment of 6.7 billion for fiscal year 2017, and an additional 34.6 billion over the next five years for the Future Years Defense Program. The report states, “The funds are intended to help the DoD continue to develop, train, and equip the Cyber Mission Force, and make new technological investments to strengthen cyber defenses and capabilities.”
As there is already increased concern in regard to Chinese and Russian sourced cyber attacks, the report may further compound that concern. These concerns are not unfounded, as there have been several different occurrences regarding these types of attacks. This includes an incident in August 2015, in which suspected Russian hackers were able to breach the Joint Chiefs of Staff unclassified email system and purloin computer system credentials from a multitude of military officials. This theft included the credentials of retired Gen. Martin Dempsey, who was the chairman at the time of the incident.