Indian Strategic Studies

23 December 2018

DoD IG: Military networks are exposed to ‘unnecessary’ cyber risks

By: Mark Pomerleau  

The military services are exposing networks to “unnecessary cybersecurity risks” thanks in part to a lack of visibility over software application inventories, according to a Department of Defense Inspector General report.

The IG investigated whether DoD components rationalized their software applications by identifying and eliminating any duplicative or obsolete applications. Rationalizing software applications seeks to improve enterprise IT by identifying all software applications on the network; determining if existing applications are needed, duplicative or obsolete; and determining if applications already exist within the network prior to purchasing new ones.

The audit — which focused on Marine Corps, Navy and Air Force commands and divisions — found that the groups examined did not consistently perform this rationalization process. By not having visibility into software application inventories, these organizations were unable to identify the extent of existing vulnerabilities within their applications, the report found.


Moreover, such a process could lead to cost savings associated with eliminating duplicative and obsolete applications.

Fleet Forces Command was the only command the IG reviewed that had a process in place for eliminating duplicative or obsolete applications. The Air Force did not have a process in place to prevent duplication when purchasing new applications.

The report placed blame on the DoD chief information officer for not implementing a solution for software rationalization in response to Federal Information Technology Acquisition Reform Act requirements.

The IG made three recommendations for the CIO, who did not provide a response to draft recommendations:

- Develop an enterprisewide process for conducting software application rationalization throughout DoD;
- Establish guidance requiring DoD components to conduct rationalization and require DoD component CIOs to develop implementation guidance outlining responsibilities for rationalization. Such a policy should also require components on at least an annual basis to validate the accuracy of their owned and in-use software applications inventory; and
- Conduct periodic reviews to ensure components are regularly validating the accuracy of their inventory and eliminating duplicative and obsolete applications.

Maj Gen P K Mallick, VSM(Retd) at 00:05
