The OIG Takes the DoD to Task for Ignoring Cybersecurity Recommendations for Over Ten Years
RIEGELSVILLE, Pa., May 15, 2023 /PRNewswire-PRWeb/ -- When Hollywood depicts the underworld of computer hackers, with pulse-pounding scenes of a battle between good and evil government actors trying to save or take down the world, the lighting is ominous, fingers fly effortlessly across multiple keyboards at once while opening and closing firewalls at lightning speed. And slick federal intelligence agencies always have the latest in flashy, high-tech gadgetry. But reality rarely measures up. The Pentagon, the headquarters of the Department of Defense (DoD), is a powerful symbol of the military might and strength of the United States. However, from 2014 to 2022, 822 government agencies have been victims of cyberattacks, affecting nearly 175 million government records at a cost of approximately $26 billion.(1) The DoD is under the watchful eye of the DoD OIG (Office of Inspector General), and their most recent audit report is a black eye to the reputation of the nation's largest government agency. Walt Szablowski, Founder and Executive Chairman of Eracent, which has provided complete visibility into its large enterprise clients' networks for over two decades, warns, "The implications could be catastrophic if the DoD, our biggest line of defense against internal and external cyberthreats, takes one day, one hour, or one minute too long to take corrective actions to remove vulnerability-packed and obsolete hardware and software from its critical IT infrastructure. Zero Trust Architecture is the biggest and most effective tool in the cybersecurity toolbox."
- The Pentagon, the headquarters of the Department of Defense (DoD), is a powerful symbol of the military might and strength of the United States.
- Zero Trust Architecture is the biggest and most effective tool in the cybersecurity toolbox."
- (2) Three weeks later, the DoD OIG publicly released its Summary of Reports and Testimonies Regarding DoD Cybersecurity from July 1, 2020, Through June 30, 2022 (DODIG-2023-047) audit summarizing the unclassified and classified reports and testimonies regarding DoD cybersecurity.
- The first step is to define the size and scope of the network and identify what needs to be protected.