A federal watchdog group has claimed the Pentagon does not have sufficient or effective policies to track and curtail attempted cyberattacks by intelligence arms of Russia, China, and Iran.
Hackers from these countries and others have attempted to penetrate computer systems belonging to the Department of Defense (DOD) with more than 1,500 cyberattacks per year, according to data from 2015 to 2021 published by the Government Accountability Office (GAO), The Washington Free Beacon reported.
"DOD's system for reporting all incidents often contained incomplete information, and DOD could not always demonstrate that they had notified appropriate leadership of relevant critical incidents," according to the GAO. "Until DOD assigns such responsibility, DOD does not have assurance that its leadership has an accurate picture of the department's cybersecurity posture."
These shortcomings are primarily due to the Defense Department's failure to assign an organization the task of tracking these incidents, even though the agency itself and Congress have mandated officials do so, The Free Beacon reported.
The failure to place safeguards helps malicious cyber hackers, including foreign nations that are trying daily to penetrate these networks, The Free Beacon notes.
Ninety-one percent of the reports reviewed by government investigators "did not include information on the discovery date of the incident, hindering DOD's ability to determine whether incidents were reported … in a timely manner," according to the report. Nearly 70% of the reports did not include information about the specific type of cyberattack, "limiting DOD's ability to identify trends in the prevalence of various threats affecting its networks."
The Free Beacon notes the number of reported cyber incidents have dropped during the past several years — from 3,880 in 2015 to 948 in 2021.
According to the GAO report, people in charge of monitoring and reporting hack attacks "also did not consistently notify DOD leadership of incidents that had a detrimental impact on DOD's ability to perform its mission or availability of its networks."
"Until DOD assigns responsibility for ensuring complete and updated incident reporting and proper leadership notification, the department will not have assurance that its leadership has an accurate picture of its posture," the report cautioned. "As a result, the department may miss opportunities to assess threats and weaknesses, gather intelligence, support commanders, and share information."
The "vast majority" of cyberattacks logged during the reporting period were "malicious logic" penetrations, a hacking technique in which malicious software is unwittingly downloaded onto a computer and then used by an adversary to gain access and information without the user's knowledge, The Free Beacon noted. These accounted for more than 11,500 of the incidents logged from 2015 to 2021.
Other incidents included "unauthorized privileged access to an information system" and denial-of-service attacks, a crude form of hacking that disrupts a computer system.
While the DOD established two mechanisms to track and report cyberattacks, the GAO found that it "has not fully implemented either process."
© 2023 Newsmax. All rights reserved.