Pentagon Has No Policy To Track Hackers, Report Finds

( )- According to findings by a congressional watchdog, the Pentagon has failed to implement policies to track attempted cyberattacks by Russia, China, Iran, and other malevolent hackers, leaving the U.S. government with insufficient information on the more than 12,000 attempted hacks by opponents since 2015.

The Government Accountability Office (GAO), a federal investigative group, recently found that the Pentagon frequently fails to log or report these attacks to leadership properly. Data from 2015 to 2021 show that hackers attempted to penetrate Defense Department computer systems with over 1,500 cyberattacks per year. China, Iran, and Russia carried out many of the most well-known attacks.

According to the GAO, DOD’s system for reporting all incidents frequently contained inadequate information, and DOD could not consistently demonstrate that they had alerted appropriate leadership of relevant significant occurrences.

The DOD does not have the assurance that its leadership has an accurate view of the department’s cybersecurity position until the DOD allocates such responsibilities. These failures are primarily the result of the Defense Department not designating a group to be in charge of tracking these instances, even though both the agency and Congress have required officials to do so.

According to the research, even if the number of reported cyber incidents has decreased over the previous few years—from 3,880 in 2015 to 948 in 2021—Pentagon leaders and people whose personal information has been compromised might not be aware that an attack has occurred. The absence of security measures is a godsend to dangerous cyber hackers, especially foreign countries that attempt to breach these networks daily.

According to the GAO, the DOD “continues to lack a responsible organization and consistent instructions to guarantee complete and current reporting of all cyber events.”

More than 11,500 cyberattacks were recorded between 2015 and 2021 by the Department of Defense. Submissions of reports “were frequently unfinished and occasionally out of date,” according to the Government Accountability Office (GAO).

The GAO stated that while the DOD built two systems to monitor and report cyberattacks, “neither method has been completely deployed.”