Pentagon’s cybersecurity tests aren’t realistic, tough enough:
“Cybersecurity must be built into system design, and the human defender should be included early on in cyber defense engineering and programmatic priorities for both system usability and training,” according to the Pentagon's chief tester.
By Jaspreet Gill on January 28, 2022 at 10:01 AM
WASHINGTON: A lack of operationally-realistic threat testing and inadequately resourced program offices are the root causes of many cybersecurity problems that put the Defense Department’s critical missions at risk, according to the latest report from the Pentagon’s testing and evaluation body.
In the new report, published Thursday, the Pentagon’s Director of Operational Test and Evaluation (DOT&E) states DoD should refocus its cybersecurity efforts on its cyber defender personnel instead of focusing primarily on the technology associated with cyber tools, networks and systems, and train them to face off against more real threats earlier in the process.
For now, cybersecurity “Red Teams” are stretched too thin and the ones that do test military systems are doing it with one hand tied behind their back compared to what actual adversaries would do, the report said.
https://breakingdefense.com/2022/01/pentagons-cybersecurity-tests-arent-realistic-tough-enough-report/
