American Security Council Foundation

Watchdog finds the Pentagon is behind on several cybersecurity initiatives

Tuesday, April 14, 2020

Categories: ASCF News Emerging Threats Cyber Security

The Department of Defense is behind on several internal cybersecurity initiatives, years after some were expected to be completed, Congress’ watchdog agency has found.

An April 13 Government Accountability Office report, titled “DOD Needs to Take Decisive Actions to Improve Cyber Hygiene,” warned that the Pentagon faces increased cybersecurity risk because the department hasn’t implemented basic cybersecurity practices.

“Overall, until DOD completes its cyber hygiene initiatives and ensures that cyber practices are implemented, the department will face an enhanced risk of successful attack,” GAO officials wrote.

The watchdog evaluated three Pentagon initiatives: DOD Cybersecurity Culture and Compliance Initiative (DC3I), Cybersecurity Discipline Implementation Plan (CDIP), and cyber awareness training.

The DC3I initiative, which is aimed at boosting cyber training and integrating cyber into operational exercises, included 11 tasks that were expected to be implemented at the end of fiscal 2016. However, the GAO found that seven of those tasks are not yet complete. For example, as of October, some defense organizations haven’t received two cybersecurity training briefs created by U.S. Cyber Command for leadership training that would’ve provided important cybersecurity information, according to the report.

If these documents had been provided, “they may have learned, among other things, how to understand, assess, and interpret cyber-reportable events and incidents and how they affect military operations,” the GAO wrote.

The report also found that the seven remaining DC3I initiatives weren’t completed because the DoD’s Chief Information Officer’s office didn’t take steps to ensure their implementation. Leaders from the Pentagon’s CIO office told the GAO that they weren’t aware of this responsibility, although the office has been tasked with the duty since December 2016.

“If DOD CIO does not take appropriate steps to ensure that the DC3I tasks are implemented, the department risks compromising the confidentiality, integrity, and availability of mission-critical information as a result of human error by users on the department’s networks,” GAO officials wrote.

Details about the status of several pieces of the DoD’s Cybersecurity Discipline Implementation Plan, an initiative with 17 tasks focused on eliminating preventable vulnerabilities from Pentagon networks, are murky. Four of the 10 tasks led by the CIO’s office remain incomplete. However, the status of seven others is unknown because “no DOD entity has been designated to report on the progress,” the report said.

The tasks that lack a lead for implementation include basic cybersecurity hygiene capabilities, such as disabling links in emails and ensuring cyber incident response plans are documented and properly exercised. As for the four tasks the DoD CIO office didn’t complete, officials told the GAO the tasks are difficult to implement because of the old IT system used by DoD components.

The Defense Department also hasn’t fully adopted its 2018 Cyber Awareness Challenge Training, a program meant to teach the DoD workforce best cybersecurity practices, the report said. However, the DoD found that several components across the department didn’t collect information on the completion rate of the training.

For example, the Army couldn’t provide data on the number of users who had completed the training. Meanwhile, six components, including the Navy, Air Force, Marine Corps and European Command, didn’t collect information on who hadn’t completed the training. Navy officials told GAO that they didn’t see the value in collecting and reporting data to its headquarters.

The GAO also wrote that eight of 16 components evaluated didn’t know how many users had their network access revoked because they hadn’t completed the training.

“If the DOD component heads do not ensure that their respective components accurately monitor and report information on the extent that users have completed the Cyber Awareness Challenge training—as well as have access revoked for not completing the training—the components may be unable to ensure that DOD users are trained in the steps needed to address cybersecurity threats to the department,” GAO wrote.

The department has also identified the 177 cyberattack techniques used by adversaries, prioritized them by level of risk and released cyber hygiene practices to mitigate the most frequent attacks. However, the department doesn’t know the extent to which those practices are used.

“No component or office within the department has complete visibility of the department’s efforts to implement these protective practices across the department,” the GAO found.

The GAO made seven recommendations to the department, ranging from ensuring that the three cybersecurity initiatives are completed to accurate monitoring and tracking of implementation of different aspects of cyber hygiene.

The department fully agreed with just one recommendation – that all components be required to take the Cyber Awareness Challenge training.

Photo: The Defense Department is struggling to implement several cybersecurity programs. (BeeBright)

Link: https://www.fifthdomain.com/dod/2020/04/13/watchdog-finds-the-pentagon-is-behind-on-several-cybersecurity-initiatives/