Watchdog Finds Cyber Vulnerabilities in DOD Cloud, Network Security Initiatives
The Department of Defense’s Office of the Director, Operational Test and Evaluation has flagged cybersecurity issues in two of the department’s digital modernization strategy initiatives.
In its annual report for fiscal year 2020, the watchdog raised concerns about the cyber survivability of the Defense Enterprise Office Solution, an enterprise-wide commercial cloud environment meant to standardize cloud adoption and enable cross-department collaboration.
According to DOT&E, the Defense Department needs to conduct comprehensive cyber testing to ensure the security of the commercial cloud and hosting infrastructures used as part of the DEOS program, FCW reported Tuesday.
The testing and evaluation body recommended that DOD update DEOS’ testing and evaluation master plan for classified and unclassified networks.
DOT&E also reported problems with the Joint Regional Security Stacks initiative.
JRSS is a suite of equipment designed to perform firewall functions, intrusion detection and prevention, enterprise management, and virtual routing and forwarding to ensure network security.
Cyber vulnerabilities in JRSS have persisted since 2019. Back then, DOT&E recommended the program be paused until the issues were resolved.
Not much has changed since, with the watchdog now urging DOD to look for JRSS alternatives.
The report suggested that DOD pursue ongoing pilot work to replace JRSS. The department was also advised to completely suspend classified JRSS operations if zero trust architectures prove viable.
DOT&E also told DOD to stop the migration of new users until the system can effectively help network defenders detect and respond to operationally realistic cyber attacks.