The Department of Defense, Office of the Inspector General, published an audit of classified networks as a requirement of Congress. See the report (Inspector General Report). In order to avoid the use of expletives in my writing (a New Year's resolution), I'll just excerpt from the actual report:

We determined that officials did not consistently implement security controls and processes to protect BMDS technical information. Specifically, network administrators and data center managers did not:

  • require the use of multifactor authentication to access BMDS technical information;

  • identify and mitigate known network vulnerabilities at three of the five Components visited;

  • lock server racks;

  • protect and monitor classified data stored on removable media;

  • encrypt BMDS technical information transmission;

  • implement intrusion detection capabilities on classified network; and

  • require written justification as a condition to obtain and elevate system access for users.

In addition, facility security officers did not consistently implement physical security controls to limit unauthorized access to facilities that managed BMDS technical information.

Security control weaknesses existed because officials did not consistently verify the effectiveness of implemented security controls and assess the impact of missing security controls. Without well-defined, effectively implemented system security and physical access controls, the MDA and its business partners may disclose critical details that compromise the integrity, confidentiality, and availability of BMDS technical information. The disclosure of technical details could allow U.S. adversaries to circumvent BMDS capabilities, leaving the United States vulnerable to deadly missile attacks. Increasing threats of long-range missile attacks from adversaries requires the effective implementation of system security controls to help reduce the number of exploitable weaknesses that attackers could use to exfiltrate BMDS technical information.

As I said ("Hello Comrade, what'cha doin' all winter in Siberia on that computer of yours?"), I've set a New Year's resolution to eliminate expletives from my communications. Holy What In Tarnation!!!! Give me a break! And these are the people we're counting on to protect us?

