Newsmax offers additional reporting on the cyber defense issues within DoD, this time specifically calling out serious gaps in military software leaving America vulnerable to nation state cyber attacks:

The report warns that U.S. “Red Teams” testing military computer systems “using cyber attack tools which can be downloaded from the Internet, are very successful at defeating our systems.”

Meanwhile, China has hacked into U.S. defense contractors, obtaining information on defense systems such as the F-35 Joint Strike Fighter, which could enable China to “disrupt the aircraft’s sophisticated electronics, rendering the jet either ineffective in combat or, more likely, vulnerable to increasingly sophisticated Chinese air defenses,” the Free Beacon reports.

It adds, “Chinese military writings have also identified U.S. command and control networks as vulnerable to disruption by cyber strikes and major targets for cyber warfare attacks.”

The Defense Science Board report notes that DOD and contractor technology, “built on inherently insecure architectures that are composed of, and increasingly using, foreign parts,” already have resulted in “staggering losses of system design information.”

For the foreseeable future expect Congress to increase DoD cyber security funding to fight these threats. Part of the problem with this approach is the weakest link in DoD are the people, not the systems, controls, and cyber defense mechanisms in place.

DoD needs to spend more on cyber security awareness training so all computer users understand the threat and know how to act appropriately. Far too often, people mindlessly open obviously dangerous email file attachments, never once stopping to consider the source and the intent behind sending the attachment.

In most cases these attachments are benign, or possibly stripped by cyber defense measures. But sometimes they make it to user inboxes whereupon they are opened without nary a thought by the recipient. This is the type of education DoD needs more of, and it also needs to hold people accountable for not adhering to sound security practices.

As with most things in DoD, the average user will be held to higher standards than senior leadership. This backwards thinking it what gets DoD into trouble and it needs to stop before more damage is done.