An Experiment Showed that the Military Must Change Its Cybersecurity Approach
The Defense Department’s current “checklist” approach can’t keep its networks safe.
PATRICK TUCKER | AUGUST 16, 2022
CYBER NAVY JADC2
Two years ago, a pair of Navy information leaders decided to attack their own networks—and not just once or twice a year during scheduled exercises, but far more frequently, and unannounced. Now they’re trying to get the rest of the Navy—and the Pentagon—to follow suit.
Their experiment showed that frequent, automated red-teaming reveals which vulnerabilities are the most dangerous, the easiest for an attacker to exploit with the highest impact—information they wouldn’t have otherwise, said Aaron Weis, the Navy’s chief information officer, or CIO, and Scott Bischoff, the command information officer at the Naval Postgraduate School.
And it’s far more effective than the way the Defense Department currently handles cybersecurity: with checklists of steps taken, patches implemented, and so on.
https://www.defenseone.com/technology/2022/08/experiment-showed-military-must-change-its-cybersecurity-approach/375925/