Pentagon Has No Policy to Track Attempted Cyber Hacks By Russia, China, Iran
Defense Department hit with more than 12,000 attempted hacks since 2015
Getty Images Adam Kredo • November 28, 2022 12:00 pm
The Pentagon has failed to put in place policies to track attempted cyberattacks by Russia, China, Iran, and other malicious hackers leaving the U.S. government with incomplete information on the more than 12,000 attempted hacks from enemies since 2015, according to findings by a federal watchdog.
Hackers have attempted to penetrate computer systems belonging to the Defense Department with more than 1,500 cyberattacks per year, according to data from 2015 to 2021 published by the Government Accountability Office (GAO), a federal investigatory group that recently determined the Pentagon is often not properly logging these attacks or reporting them to leadership. China, Iran, and Russia conducted many of the most high-profile attacks.
“DOD’s system for reporting all incidents often contained incomplete information and DOD could not always demonstrate that they had notified appropriate leadership of relevant critical incidents,” according to the GAO. “Until DOD assigns such responsibility, DOD does not have assurance that its leadership has an accurate picture of the department’s cybersecurity posture.” These failures are primarily due to the Defense Department’s failure to assign an organization the task of tracking these incidents, even though the agency itself and Congress have mandated officials do so.
Though the number of reported cyber incidents have dropped during the past several years—from 3,880 in 2015 to 948 in 2021—without the ability to fully detail and report these incidents, Pentagon leaders and those who have their personal information breached may not know an attack took place, according to the report. The failure to put safeguards in place serves as a boon to malicious cyber hackers, including foreign nations that are trying daily to penetrate these networks.
The DOD still “lacks an accountable organization and consistent guidance to ensure complete and updated reporting of all cyber incidents,” according to the GAO. Reports that were submitted “were often incomplete and not always updated.”
Ninety-one percent of the reports reviewed by government investigators “did not include information on the discovery date of the incident, hindering DOD’s ability to determine whether incidents were reported … in a timely manner,” according to the report. Nearly 70 percent of the reports did not include information about the specific type of cyberattack, “limiting DOD’s ability to identify trends in the prevalence of various
" Conservative News Daily does not always share or support the views and opinions expressed here; they are just those of the writer."
Now loading...