DefenseNews reports that the US Joint Staff J6 Director warns that DoD’s sloppy cyber hygiene is the source of successful network compromises:

Instead of daily network hygiene, problems are being dealt with on an “episodic” basis, said Army Lt. Gen. Mark Bowman, the Joint Staff J6, and director of command, control, communication, computers/cyber, speaking at an industry event.

“When Microsoft or Adobe comes out with a patch, the bad guys are using that stuff too, so they know where the vulnerable areas are,” Bowman said. “We have these combatant command readiness checks, and it appears to be an episodic thing, where a whole lot of work goes on when you’re getting ready to be inspected.”

Though Bowman did not mention a specific incident that linked a security flaw, he said several simple security flaws, easily avoided, have opened the door to breaches.

“We’re all reading about breaches in security, and every one that I can think of is related to poor network hygiene, some patch that somebody didn’t put in, some weak password that somebody had, some systems administrator that had a simple password that could be hacked,” Bowman said. “These are simple things; this is our job.”

Bowman outlined several growing pains for the Defense Department’s overarching network modernization effort. The Defense Information Systems Agency (DISA) is leading the charge to collapse DoD’s sprawling, disparate networks into a more cost-effective, defendable structure known as the Joint Information Enterprise (JIE).

I am not sure JIE is going to make DoD networks more defendable, nor more cost-effective, but time will tell. What I do know is JIE has been discussed for nearly ten years and we do not seem any closer to realizing it today than we did in the beginning.

JIE is one big boondoggle after another.