Swiss cheese more secure than US Army computer system

[vaskidmark]

http://borepatch.blogspot.com/2015/10/us-army-computer-systems-have-more.html

    The US Army has gaping holes in its information security infrastructure and operates an environment of vulnerability reporting fear, according to current and former members of the department's cyber wing.

    Captain Michael Weigand and Captain Rock Stevens make the comments in an academic piece on the Cyber Defense Review http://www.cyberdefensereview.org/2015/10/23/avrp/ , a joint project between the Army Cyber Institute and the US Marine Corps Forces Cyberspace Command.

    In it they say most of the Army's systems are underpinned by information technology but are exposed by an absence of centralised patch management and full bug remediation oversight, along with a "ban" on penetration testing.

I am certainly going to sleep sound knowing this.

stay safe.

[mtnbkr]

Not really any different than most large organization, public and private.

Chris

[Ben]

Not really any different than most large organization, public and private.

Chris

Other than the "no pen testing" thing,  at least for .gov.  if anything,  we used to spend almost too much time in pen test prep mode. Seems strange of all the gov,  these guys would blow it off.

[Firethorn]

As an example, the USAF has dedicated penetration testing teams.

So I'm not sure that the "ban on penetration testing" is accurate.  A ban on outside test groups, maybe.

[mtnbkr]

So I'm not sure that the "ban on penetration testing" is accurate.  A ban on outside test groups, maybe.

Probably non-authorized pen testing, aka hacking.

Chris

[MillCreek]

As an example, the USAF has dedicated penetration testing teams.

That's what she said.  Ahem. Phrasing. Inappropes.

[MechAg94]

Maybe the actual pen test teams are still trying to solve the Fountain/ball point question.

[dogmush]

At least we don't store classified data on General's private servers.

We're not the worst!  Yea!

[Fitz]

not at all surprising to me