Pentagon Seeks to Resolve Vulnerabilities Found in Commercial Cloud Offerings

The Department of Defense has found several security problems in the commercial cloud services offered by Joint Warfighting Cloud Capability vendors and wants to work with them to address the issues, Dave McKeown, DOD chief information security officer, said at the Billington Cybersecurity Summit on Tuesday.

The JWCC, the Pentagon’s $9 billion enterprise cloud program, was awarded in December to Google, Oracle, Amazon Web Services and Microsoft, which will compete for task orders.

A past Potomac Officers Club event speaker and 2023 Wash100 winner, McKeown noted that the lapses occurred on unclassified networks “where errors in the hypervisor management side of different vendors have led to IP addresses being exposed to the public.” Some data has been lost with the exposure, he added.

According to McKeown, the department is looking for “creative ways” to solve the vulnerabilities with the help of vendors, DefenseScoop reported.

McKeown disclosed that a full report on the vulnerable ports and protocols will be provided to the Joint Force Headquarters-DOD Information Network.