July 29, 2011, 12:00 AM — Despite its recent efforts to build security good enough to keep teenage hacktivist groups out of its servers, let alone organized cadres of foreign cyberwarriors, the U.S. Department of Defense has spent so long delaying any effort to come up to speed on digital attack and defense that it has a long slog to just catch up to the present, let alone prepare for the future, according to a damning new report.
In a long-awaited evaluation of DoD's digital security and warfare capabilities, the Government Accountability Office (GAO) reported July 25 that the DoD began taking cyberwar seriously only during the past two or three years, after ignoring warnings since at least 1991 that it was putting itself and the nation's digital infrastructure at risk by not taking the threat seriously.
That has changed in recent years, to the point that the Pentagon just launched a new Web site dedicated to its "new" cybersecurity policy, which a general described as being more focused on offensive capability and deterrence through fear, at the same time a Congressman involved in funding for the program praised its tighter focus on defense.
Seriously, is there any large organization that doesn't suck at security? We need to spotlight companies that do it right and show everyone else what they're doing, because it seems to me that far, far more people suck at it than are good at it.
Confusion and lack of a central unifying force or clearly defined enemy caused the DoD to allow its cybersecurity infrastructure to rot. Pentagon systems have been hacked repeatedly almost every year for the past two decades; it has done almost nothing to deter, stop or even slow down the attack on and penetration of U.S. government information systems by foreign intelligence agencies, criminal groups, individual hackers and terrorist groups, the report concluded.
Sandia National Labs.