The Weird & Tragic Timeline of Pentagon Cybersecurity

Posted    |    Rating: not yet rated

It’s not quite as well publicized as it ought to be, but then again, the situation with the Department of Defense’s cybersecurity is evolving week by week or faster. What began as a declaration of known threats and vectors and autoritative actions taken to minimize risks changed to icy silence. More recently, the same measures have been described by those on the outside as a “dumpster fire.”

Even a stoic evalution struggles to avoid hitting some alarm bells. Somewhere, someone thought October should be Cybersecurity month. DoD played along. The Number Two guy rolled out trolled happily by news outlets extolling the newest measures and purchases that would ensure success.

No one missed an opportunity to refocus public security ire on Russia and China to make Cybersecurity Month’s mission a critical reminder of what’s important as midterm elections gear up. Trump even re-branded 2016 anti-Russian election-meddling verbage to claim the Chinese were poised to tinker with midterm elections 2018.

Initial Announcements…

September 19
TASS: World – Pentagon identifies Russia, China as threats to cybersecurity
Fedscoop Pentagon’s No. 2 calls cybersecurity ‘the expectation’ as DOD releases new cyber strategy
Fifthdomain Shanahan: cybersecurity will become new measure for industry

Cybersecurity is, you know, probably going to be what we call the ‘fourth critical measurement.’ We’ve got quality, cost, schedule, but security is one of those measures that we need to hold people accountable for…
-Patrick M. Shanahan, Deputy Secretary of Defense

September 21
National Security Presidential Memorandum 13, or NSPM 13 from The Aviationist White House Authorizes “Offensive Operations” As Part of New Cyber Security Strategy

One Week In…

A new term, Defending Forward, joins the lexicon of peculiar twists of English that have become so popular; simple phrases that, when picked apart, will hopefully become winning tokens in a game of collecting oxymorons in the near future. (Long-standing examples include the Dodge Ram, Pretty Ugly, Cherokee Pioneer and anything Discovered Missing.)

The dangerous act Defending Forward defends with successful confusion is the reversal of Barack Obama era Cyber Attack rules which demanded coordination and attacks as retaliation. Now, no more.

September 25
Council on Foreign Relations The Implications of Defending Forward in the New Pentagon Cyber Strategy

Cybersecurity Month Begins…

October 1
InsideCyberSecurity Pentagon entities proactively using NIST tool to assess contractor cybersecurity (paywall)
October 3
c4isr How the Pentagon can help improve supply chain cybersecurity

The key bit is culture. It’s not just a thing that the “sixes” or IT staff know about. We need to enculturate people to do this on their own and they realize the efficacy both in the workplace and at home.

The words are right. All employers use the same to some degree. Actual enculturation of safety at work and at home is lacking terribly worldwide. The Pentagon thought they had this human flaw licked; they were pretty sure they had jammed the right behavior successfully into the culture of their staff.

At this point in time, it was too soon for news organizations to report anything they might have known, but if nothing is a coincidence, then this is telling. October 4 US Vice President, Mike Pence doubles down on the China mid-term election security threat echoing Trumps words a week earlier. It seemed unsolicited news at the time and awkward. It was largely ignored especially since security experts had already cast doubt on the original claim.

Post-mortem…

It all went haywire. 1.6 trillion dollars, that’s $1,599,999,999,999.99 all digits out, worth of defense weapons and systems and missles were riddled with cybersecurity holes. Control over a great number of dangerous tricks and treats were easily lost; naturally, the specifics of which and how many goodies are confidential.
October 9
Taskandpurpose New Report Says Pentagon Cyber Security Is A Huge Dumpster Fire
October 10
The Washington Post Nearly all new U.S. weapons systems have ‘critical’ cybersecurity problems, auditors say (paywall)

In one case, a test team flashed pop-up messages in front of the computer screen used to operate a weapons system, instructing users (Pentagon Cybersecurity experts) to insert quarters before continuing. -The Washington Post

Short-lived lustre. Russia and China as threats to defense were bumped into second and third place by the very cybersecurity systems meant to defend defense.
October 12
InsideCyberSecurity DOD report identifies cybersecurity as threat to defense industrial base (paywall)

While largely humbling and irresistibly public for US critics to see, that’s the kind of US there needs to be. All this stinging foot-in-mouth is only possible with free presses and speech and love’em or leave’em, beat’em or join’em or whatever the mentality you hear or feel you have, it’s worth protecting the environment that allows it all. And improving the culture only happens when you can see where improvment is needed.

Author