Marissa Bergen

Get started on your cybersecurity degree at American Military University.

By Marissa Bergen 
Contributor, InCyberDefense

Cybersecurity is not something that should be taken for granted. Little things we do to protect sensitive information can make a big difference in security.

At this point, no one is probably more aware of the need for cybersecurity than the U.S. government. In a recent investigation by the Department of Defense’s Office of Inspector General, investigators found that several DoD facilities neglected to take basic security precautions, such as encrypting flash drives and physically locking critical computer servers.

Inspector General’s Report Cites Lapses in Army, Navy and MDA Programs

The investigation examined five of the 104 DoD facilities that manage ballistic missile defense systems and technical information. Although the 44-page report did not specify which facilities were involved, it was made clear that certain programs of the Army, Navy and Missile Defense Agency (MDA) were responsible for cybersecurity lapses.

The report accused the Army, Navy and MDA of not taking measures to protect networks and systems that contain basic missile defense technical information from unauthorized access and use. These security shortcomings could lead to the disclosure of critical details that could compromise technical information. Also, a lack of sufficient security could allow U.S adversaries to circumvent the security measures in place, leaving the U.S. vulnerable to deadly missile attacks.

Security Investigation Highlights Multiple Cybersecurity Problems

The investigation found failures in at least three of the seven security factors under review. The most troubling finding was that network administrators at the DoD facilities did not stay on top of known network vulnerabilities, including those that were flagged as potential threats. One vulnerability had been flagged as critical as far back as 1990 and still had not been addressed.

Other ways DoD facilities did not meet necessary cybersecurity measures included:

  • Not implementing basic security measures such as installing security cameras to monitor who was going in and out of the facility
  • Making sure access to computer servers was restricted to authorized personnel only
  • Failing to lock doors to server rooms
  • Leaving server room door keys in unlocked filing cabinets
  • Allowing employees and contractors to take classified data on removable media without proper authorization

Hopefully, security improvements will be made in the near future to minimize the chances of a missile attack. In the meantime, the Inspector General’s report is just another painful reminder of how important cybersecurity can be.

About the Author

Marissa Bergen is a freelance writer from Brooklyn, New York. Passionate about everything from fashion to technology, her writing experience has increased her awareness of digital marketing, cybersecurity and the ever-expanding World Wide Web. She now lives in Los Angeles with her husband and two children. Google her to find out more about her writing and her other life as a bass player in her family band, The CheeseBergens.