Pentagon making progress on cybersecurity amid challenges, watchdog says
WASHINGTON – The Department of Defense is making significant progress by blocking sensitive networks amid cyber challenges from foreign opponents determined to gain access to intelligence, reports a federal surveillance dog show.
As of January, the department recorded 70% or more compliance in implementing four select protections for unclassified controlled information, which may include data linked to critical technologies or the development and operation of weapons and defense infrastructure. , according to the Government Accountability Office.
Pentagon networks store massive amounts of data and are under constant threat from attacks from competitors such as Russia, China, Iran and North Korea. Russia’s assault on Ukraine adds to U.S. cybersecurity concerns, as federal officials and other experts warn of Moscow’s history and malicious cyber reach in the digital domain. Violation of CUI systems, and widespread dissemination or theft of information, could pose real risks to US security.
“Safeguarding federal computer systems has been a long-standing concern,” the GAO wrote in a May 19 note to congressional committees. “By emphasizing the importance of this issue, we’ve included cybersecurity on our high-risk list since 1997.”
The Office of Accountability’s assessment, released on Thursday, found that while no entity fully complied with the key cybersecurity requirements of CUI, the Pentagon is moving in the right direction. The GAO from May 2021 to May 2022 focused on some 2,900 CUI systems, most of which are owned by the Army, Air Force, Navy, Marine Corps, and the Defense Health Agency.
The head of security for the entire CUI systems department is the information director, currently John Sherman. The GAO in its report said the intelligence office “has taken recent action to address” the issues and noted that the department has been monitoring progress.
The GAO audit did not include formal recommendations or solutions for the Pentagon. Sherman in a pre-publication letter in late April acknowledged the analysis of the watchdog and maintained the work of his office.
“As stated in the report, the Department has taken steps to work with DoD components to ensure the implementation of appropriate security measures for CUI systems,” Sherman wrote.
Colin Demarest is a journalist at C4ISRNET, where he covers military, cybernetic and computer networks. Colin previously covered the Department of Energy and its NNSA, the Cold War Cleanup and the Development of Nuclear Weapons, for a South Carolina newspaper. Colin is also an award-winning photographer.